CONBOUNTY (04.03.09)

Why does the prop not have a closing date of 09.01.2009? That's the last date as stated in the payout statement, it should ne in the Closing Date as well, instead of n/a.

And just in the unlikely case if anybody is going to address this issue, I would like to ask why INDIAMN has a closing date even if it should be and open one by its very nature. I have already asked a couple of times and nothing happened.

Has Conficker actually done anything yet that was malicious, I thought it was supposed to do whatever it was going to on April 1st, just curious if anything actually happened.

Conficker did nothing on April 1st, but it has control of 4% of the unpatched computers in the world.

MS offering a bounty for the people behind Conficker raises an interesting question; what the hell will they do with the information?

First of all, they're unlikely to get any prosecution going. The virus is believed to have originated in China, where MS holds pretty much no sway whatsoever.

news.cnet.com/8301-1009_3-10206754-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Second of all, MS wouldn't be able to prove anything. If someone gave them the name and address of the main honcho running the show, supplying documents and files that demonstrated the development of the virus, the most they could do would be to send a nasty email or letter.

And even if they COULD get law enforcement behind them and the perpetrators were in a country that would prosecute them, they'd have nothing to work with beyond a "nuisance" charge, since conficker hasn't done anything bad yet.

MS could hope for a lead to track down the conficker virus' home base. And that, I believe, is what they're looking to find--information that would help them narrow down the locale.

But that's even kind of silly, given the nature of the net. Someone in the U.S. could easily use a German internet hosting company to entice Chinese users into a P2P connection that would start the ball rolling.

The MOST MS could hope for would be one of the conspirators turning tail and offering up information that would allow them to nullify the worm. This could happen, but it could create a dangerous precedent. If it became a practice to offer cash to stop a worm or virus, malicious developers could start asking for "go away" money in the same way organized crime asks for "protection" money.

It seems more likely that MS's bounty was put out as a PR effort to show they are taking steps to counteract internet crime, rather than a bona fide attempt a la "Most Wanted". There is little they could do with any information provided, very little liklihood they'll pay out on the bounty, and a grave liklihood it could be an invitation to "internet blackmail".

With so little on the upside, and the dangers so great, it looks likely that MS will not increase the bounty. It looks more likely that they will withdraw it, and probably soon.

This looks really short, short, short right now.

MS claims their bounty helped catch the author of the Sasser worm in '04. But the stipulations on the money say any information has to lead to a successful arrest AND prosecution, so the chances of them having to actually pay out any money is slim so yeah, this is more PR than crime fighting.

However, if the worm ever ramps up it's activity like it was supposed to on April 1, I can see MS upping the bounty. If we agree that this is PR then more money is more PR, and MS can afford it. They claim they have 5 million set aside for this kind of thing so raising it to 500,000 would not be difficult or painful to them because they know they probably will never have to pay it.

Since the prop says MS only has to OFFER more money and not actually pay it out, I'm going long.

After reading up a bit more on the MS Anti-virus Program, I can see where some of my above comments were off the mark. But I also saw a lot more indicators of why this is going to go short.

Just think about it; what would be a reason for MS to increase the reward? To catch the people behind Conficker, obviously. But MS did not increase the reward for the creators of MyDoom-B and MSBlaster, and the original authors were never caught. Variants of these programs continue to appear (and sometimes the originators of the variants get caught), but MS has never increased the reward.

So obviously the desire to catch the perpetrator alone would not be enough. So maybe a good reason would be to stop the damage being done by a virus or worm. That would have been a good motive to increase the reward for the creators of MyDoom-B, SoBig, and MSBlaster, but MS did not.

Conficker, on the other hand, has not done any damage to date. It spreads, and that's all. It doesn't bog down your system, it doesn't crash your hard drive, it doesn't clog your email, and it doesn't even direct your computer to do something goofy. Sure, once its on a machine it props open a door which might allow someone to "take over" your machine, and supposedly it tries to isolate passwords. But nothing has actually happened from this activity.

Now maybe they'd increase the reward if the virus was difficult to detect or eliminate. But this is not so; the easiest way to tell if the Conficker virus is on your computer is to try to connect to an anti-virus vendor or MS's update pages. It won't let you. And there's a good reason... because these sites have other tools to detect and counteract the virus.

pcworld.com/article/162219/security.html?tk=rss_news

arstechnica.com/security/news/2009/04/confickerc-appears-on-schedule-but-only-as-a-whisper.ars

i.gizmodo.com/5192951/reminder-how-to-fix-conficker

So... the virus has not done significant harm and is easy to identify and disable... why increase the reward?

There would be only one reason to do so. If someone were able to actually harness the infected computers into a huge, malevolent botnet that wreaked havoc around the net. But MS would not increase the reward as soon as it happened. Rather, they'd wait until there was a storm of media attention and the perception that they "weren't doing enough" became widespread.

That's what prompts MS to offer the reward in most cases. There are many more-menacing, more-damaging, and more-serious threats out there than Conficker, and MS has never offered the reward for any of them. Instead, it offers it only for high-publicity cases, and often (like in the cases of MyDoom, MSBlaster, and Conficker) when a "deadline" is approaching.

There will be plenty of time to make the necessary adjustments before MS increases the reward. You'll see a shitstorm of publicity about the evil botnet and maybe some actual damage.

In the meantime, there is no reason for MS to change the reward offer, and this remains

short, short, short.

Good points.