informa
/
Risk
Commentary

Microsoft Puts $250,000 Bounty On Downadup Bot Author

Even as the Downadup (aka Conficker) infection spreads at a rate of millions of compromised machines a day spreads, Microsoft is leading a group of security organizations and companies in attempt to nab the malware's author(s). There's a $250,000 price on the malware creator's head(s)now.
Even as the Downadup (aka Conficker) infection spreads at a rate of millions of compromised machines a day spreads, Microsoft is leading a group of security organizations and companies in attempt to nab the malware's author(s). There's a $250,000 price on the malware creator's head(s)now.The Microsoft-led bounty hunting award reflects both the seriousness of the Downadup problem -- variants of the worm are racking up infection numbers in the million+ infected computers a day range -- and the understanding that only a coordinated effort is likely to have any effect.

That effort is aimed at sealing off the domains that infected machines contact for instructions.

Those instructions haven't appeared yet, but the sheer size of the infection would give the malware authors a powerful botnet capable of launching devastating attacks should a move be made toward putting it to work.

Whether or not the coordinated effort, or the bounty, nabs the people behind Downadup, it's a step in the right direction.

But considering the fact that the Downadup/Conficker infection exists at all because of the failure to install a widely publicized critical patch released last October, one can hope that the coordinated effort will extend to solving the still massive, still persistent problem of unpatched vulnerabilities for which patches have long been available.

That, though, will take a lot more than $250,000.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5