UPDATE - Microsoft offers $500,000 to catch virus writers
Wednesday November 5, 1:29 pm ET
By Andy Sullivan
WASHINGTON, Nov 5 (Reuters) - Microsoft Corp. (NasdaqNM:MSFT - News) on Wednesday put a $500,000 bounty on the heads of the writers of two computer bugs which infected more than half a million computers earlier this year.
Microsoft offered two $250,000 rewards for information leading to the arrest and conviction of those responsible for the Blaster worm and Sobig e-mail virus, which disabled computers and snarled Internet traffic across the globe in August and September.
The company also said it had earmarked an additional $4.5 million for future rewards.
The Wild West-style bounty underscored the threat posed by viruses and worms in an interconnected world, as well as the problems associated with catching those who originate them.
While Sobig and Blaster have caused no lasting damage, other cyberattacks have paralyzed automatic-teller machines and knocked entire countries, such as South Korea, offline. Security experts say future attacks could disable power plants, hospitals or other "critical infrastructure."
"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that hurt a lot of people," Microsoft General Counsel Brad Smith said at a news conference, where he was joined by officials from the U.S. FBI, Secret Service (News - Websites) , and Interpol, the international police agency.
Microsoft has suffered declining sales and widespread criticism because Blaster and some other computer bugs exploit holes in its Windows operating system.
While computer security is an industry-wide problem, "we have clear responsibility to take a leadership role in addressing the issue," Smith said.
U.S. investigators have identified suspects behind three of the six Blaster variants, but have not yet tracked down the author of the original version, said Keith Lordeau, acting deputy assistant director of the FBI's cybercrime division.
Security experts familiar with the continuing cyber dragnet said the trail had recently gone cold. The unprecedented lure of cash was seen as a way to generate new leads, sources said.
"Apparently, they haven't had too much luck, which is why they are resorting to offering money," said Mikko Hypponnen, research manager at Finnish anti-virus firm F-Secure.
That approach could work for Blaster, likely the work of a lone hacker, he said. But the Sobig virus, which installed a program that could turn infected computers into senders of "spam" e-mail, was probably developed by a group with profits in mind, and thus much tougher to crack, he added.
Informants will be eligible for the reward regardless of country of residence, Smith said, as long as the suspect is found guilty. Internet users can send tips to any FBI, Secret Service or Interpol office, or online at the Internet Fraud Complaint Center (http://www.ifccfbi.gov
) or Interpol (http://www.interpol.int
). (Additional reporting by Bernhard Warner in London)