Microsoft Corp yesterday said it has decided to offer a $250,000 reward for information leading to the arrest and conviction of the writer of the MyDoom.B email worm, which infects Windows machines and will attack www.microsoft.com on Tuesday.
The news follows a similar offer from The SCO Group Inc, which will be hit by the A variant of the worm in a denial-of-service style attack on Sunday. On Tuesday, SCO put up a $250,000 bounty on the same terms.
If, as some virus experts believe, the same person or group wrote both A and B variants, the reward for an informant or internet sleuth would be half a million dollars. The rewards are collectable in any country, if permissible by local laws.
“This worm is a criminal attack,” said Microsoft general counsel Brad Smith in a statement. “Its intent is to disrupt computer users, but also to keep them from getting to anti-virus locations and other sites that could help them.”
Besides the forthcoming DDoS on Microsoft, MyDoom.B, which was released Wednesday, differs from Monday’s original in that it also edits the local DNS hosts file to try to block access to a long list of anti-virus resources, microsoft.com among them.
Last November, Smith announced that Microsoft had set aside $5m for rewards for information on virus writers’ identities. In addition to MyDoom.B, the worms SoBig.A and MSBlast.A have Microsoft rewards associated with them.
The decision to offer a bounty on B’s author, but not A’s, suggests Microsoft’s own systems must be affected before a reward is issued. But a Microsoft spokesperson said rewards are approved or otherwise on a case-by-case basis.
“It’s not so much that we’re upset it’s going to attack us, but certainly we’ve considered not only that it attacks us but that it impacts the ability of customers to go to our site,” Microsoft’s Sean Sundwall said.
The B variant, while still spreading in the wild, has not thrived as strongly as the original, which is also still active. It is suggested that a combination of user caution (temporary, no doubt) and some programming flaws may be responsible.
Neither company is currently commenting on how it hopes to fend off the DDoS attacks due to start this weekend. SCO is likely to see the larger attack, given that both viruses, including the more successful A variant, will target it.
When Microsoft has been targeted by DDoS in the past, it has signed up for a content distribution service. When it used Akamai’s Linux-driven CDN, it received, probably unfairly, a modicum of bad publicity, which SCO undoubtedly would be keen to avoid.
SCO is currently of the opinion that MyDoom.A was created by a person who disagrees with SCO’s intellectual property claims on Linux, and the associated lawsuits and nastygrams it has been filing.
People who have more concrete information on the identities of the authors of either MyDoom variant are urged to contact Interpol or the FBI, both of which are keen to find the culprits, rather than Microsoft or SCO.
This article is based on material originally published by ComputerWire