Microsoft offers $250,000 to nab author of Conficker worm

Microsoft has announced a $250,000 reward for information leading to the arrest of those responsible for an internet worm that has been infecting more than two million computers a day for the past five days.

The company said in a news release Thursday that it has also joined forces with several major organizations and firms in the industry an effort to stem the spread of the Conficker or "Downandup" worm, which infects computers running various versions of Microsoft Windows, especially those that have not been patched with a security upgrade issued by Microsoft in October.

'The existence of bounty does kind of signal the fact that there's a serious problem here.' Richard Reiner, internet security specialist

Norton Antivirus maker Symantec Corp. said Thursday that in the past five days, an average total of 2.2 million IP addresses have been infected with two different variants of the worm, which was first noticed on the internet in November.

The worm disables Windows security features and makes the computer part of a "botnet" of other infected computers that take orders from a varying series of servers on the internet. As such, it may gather personal information, install malicious programs on the computer, and attack or infect other computers.

The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that ensures each computer on the internet has a unique identifier, is working with Microsoft and internet security firms to help disable servers used by Conficker.

Unlike some other worms, Conficker doesn't require any user intervention to spread, and that makes it harder to stop, said Richard Reiner, founder and CEO of Assurent, a company and specialized in studying and managing technology security vulnerabilities and was later bought by Telus.

Last worm bounty was in 2004

"The existence of bounty does kind of signal the fact that there's a serious problem here," Reiner said.

"There certainly isn't 100 per cent confidence that technical measures alone will be enough."

He added that because the worm steals personal information, victims may be vulnerable to identity theft and fraud.

However, he suggested that the people behind Conficker will have to change their behaviour and become more stealthy as a result of Microsoft's high-profile reward.

It is the first time Microsoft has put a bounty on the makers of malicious code since 2004, when it posted a $250,000 reward for those responsible for the Sasser worm. It paid out that reward in July 2005.

According to Microsoft, Conficker can spread to some computers that have been patched, via methods such as USB memory sticks or figuring out weak passwords.