Unveiling a five million-dollar reward fund on Wednesday, the software giant seeks to help track down those responsible for Internet viruses and other malicious activity on the Web.
Valued at $250,000 and number one on the most-wanted list is the creator of the MSBlast.A, the first Blaster worm designed to attack Microsoft’s windowsupdate.com website.
Microsoft is also offering another $250,000 for information on the author of the Sobig virus, which attacked individual machines running Microsoft operating systems.
The bounties are being offered worldwide, in an acknowledgement of the global nature of cybercrimes, the company said.
The announcement was made in Washington to an audience packed with agents of the cybercrime divisions at the Federal Bureau of Investigations, Secret Service and Interpol.
“Malicious worms and viruses are criminal attacks on everyone who uses the Internet,” said Brad Smith, senior vice president and general counsel at Microsoft.
“These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that hurt a lot of people. Those who release viruses on the Internet are the saboteurs of cyberspace, and Microsoft wants to help the authorities catch them.”
Smith said the that Microsoft, which has been criticized for lax security, was using the rewards in conjunction with other efforts to step up security.
The software company noted that although arrests had been made in connection with variants of the Blaster worm, the creators of the original virus had not been found.
Keith Lourdeau, acting deputy assistant director of the FBI Cyber Division, brushed aside suggestions that the trail had gone cold and welcomed the private-sector effort to help law enforcement.
“Such attacks on the Internet cost businesses worldwide millions – some estimates claim billions – of dollars and wreak havoc,” he said.
Hackers and virus creators cause
“We intend to vigorously pursue the perpetrators of these crimes, and we hope to see additional industry-government collaboration to identify these individuals.”
Peter Nevitt, Interpol’s director of information systems, acknowledged it may be difficult to track and arrest some hackers or virus creators in countries where there may be no laws on computer crimes and few extradition treaties.
But Nevitt said the agency is encouraging countries to use conventional laws such as those covering criminal damage to property to prosecute hackers and virus creators.
Some analysts said the old-style bounty system could be effective.
“This is a first – it’s a step in the right direction … People in the hacking community will turn on one another in a heartbeat,” said Patrick Gray at software-maker Internet Security Systems and a former FBI official.
“These folks have few morals, and unlike religious radicals, they have learned materialism.”
The Blaster worm started a denial of service attack against Microsoft by sending millions of requests for automated software updates, flooding the company’s computer systems.
The virus also carried a message to Bill Gates, the Microsoft founder and chairman, saying: “Billy Gates why do you make this possible? Stop making money and fix your software!!”