Microsoft Confident Bounties Will Nab Virus Writers
Tue February 24, 2004 09:27 AM ET
By Bernhard Warner,
European Internet Correspondent

LONDON (Reuters) - A trio of bounties Microsoft Corp. placed on the heads of virus writers has generated a variety of investigative leads, but still no arrests, a top security official from the software giant said on Tuesday.

In November, Microsoft created a $5 million fund to pay ordinary computer users for tips leading to the arrest and prosecution of the creators of computer viruses and worms that use its ubiquitous Windows operating system to wreak havoc online.

Microsoft issued three separate $250,000 bounties for information on the whereabouts of the SoBig, Blaster and MyDoom virus authors over the past three months.

I am confident there will be some arrests that will result from at least one of the three bounties we have issued. The odds are in our favor, said David Aucsmith, chief technology officer for Microsoft Corp's security business and technology unit.

We have good leads and various law enforcement entities are tracking those leads, he told Reuters on the sidelines of cyber security conference in London. He declined to provide a timeframe for a possible arrest.

Aucsmith added that the investigation involved multiple countries, but declined to say which ones.

Security experts have had difficulty pinpointing the culprits. For example, a data trail led to Russia as the origin of last month's MyDoom virus outbreak, but security experts disagree on whether the culprit is from the region.

Aucsmith said the company's own investigation revealed that the culprits would be either mid-sized thieves or organized crime gangs.

The first camp use computer viruses to steal the users' personal details from e-mail addresses to bank and credit card details. The second group are looking to break into companies or banks for big pay-offs.

Each group has a goal of sabotaging a computer from which they can steal data or take it over to unleash further digital attacks on new targets, Aucsmith said.

He also said virus writers were able to take a known vulnerability in software code and create a malicious program in a matter of days and hours. The same thing took weeks and months just two years ago.

Microsoft has taken considerable heat from the business sector for the latest outbreak of viruses and worms, which are costing companies vast sums of money in lost productivity and damaged infrastructure.
Source: Reuters