Microsoft Offers $250K for Conficker Worm Info

Microsoft and nearly 20 other organizations and firms have joined forces to formulate a coordinated, global response to the Conficker (AKA Downadup) worm. At the same time, Microsoft announced a $250,000 reward for information that leads to the conviction of the hackers behind Conficker.

The last time Microsoft offered a reward was in 2004, when it posted a $250,000 reward for the maker of the Sasser worm.

Along with Microsoft, organizations involved in this collaborative effort include ICANN, Symantec, F-Secure, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.

The coalition plans to either pre-register or remove from circulation as many of the hundreds of domains that the worm uses to download updates as possible. Conficker checks a list of up to 250 different domain names each day for instructions.

By blocking that capability, Conficker would be restricted to receiving updates or instructions only through its secondary (and less efficient) P2P feature.

In a separate post, Symantec announced the coalition on its own site, and noted that in the past five days, the company has observed averages of 453,436 IP addresses infected per day with W32.Downadup.A and 1,745,231 IP addresses infected per day with W32.Downadup.B.

The Conficker worm, which has been in circulation since 2008, spreads through a hole in Windows systems, exploiting a flaw that Microsoft closed in an out-of-band patch in October. It also spreads via removable storage devices like USB flash drives, and network shares by guessing usernames and passwords.