Want to help and earn $250.000?

Key Points

· In October 2008, the so-called “Conficker” computer worm was first detected, targeting the Microsoft Windows® operating system by exploiting a vulnerability in the Windows Server service.

· It is estimated that some three million computers are currently infected by the worm and, amid certain conditions, the worm can continue to spread throughout the technology ecosystem.

· In an effort to thwart Conficker, Microsoft, in collaboration with other technology industry leaders and academia, launched this month a global response to the worm.  The multi-part program includes Microsoft’s offer of $250,000 for information resulting in the arrest and conviction of those responsible.   


A computer worm is a software program designed to copy itself from one computer to another without human interaction. Unlike a computer virus, a worm can copy itself automatically in great volume. For example, a worm may send out copies of itself to every contact in an e-mail address book, and then send itself to the contacts in the follow-on recipients’ e-mail address books. As cyber threats have rapidly evolved, a greater level of industry coordination and new tactics for communication and threat mitigation are required. This is a unique instance where the broader, global security community has come together to help protect Internet users.

As part of our continuing efforts to protect customers, Microsoft is collaborating with technology industry leaders and academia and implementing a global response to the Conficker worm. To disrupt the spread of the worm and prevent potential attacks such as remote code execution, which allows an attacker to take control of your computer and use it for malicious purposes, this partnership among Microsoft, security researchers, Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the Domain Name System (DNS) has disabled a significant number of domains targeted by Conficker. Microsoft also, as part of its Anti-Virus Reward Program launched in 2003, announced a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the malicious Conficker code. Microsoft’s Anti-Virus Reward Program, initially funded with $5.0 million, was created to help law enforcement agencies identify and bring to justice those who illegally release damaging worms, viruses and other types of malicious code. In 2004, Microsoft rewarded $250,000 to two individuals who helped identify the creator of the notorious Sasser worm. Sasser, designed to attack the Microsoft Windows® operating system, infected computers worldwide, causing them to crash and reboot. The author of the worm was arrested in May 2004, and later found guilty by a court in Germany.

What’s Being Done About Conficker and What You Can Do

· Microsoft estimates some three million machines are currently infected by the worm. Different companies use different methodologies to project infection levels, so the reported number has varied widely.

· Microsoft facilitated and led the industry in collaborating on this issue, but the collective expertise and contributions made this an unparalleled global, online security response.

· Malware attacks may use a variety of tactics to remain undetected. Microsoft encourages those who are unable to access updates to visit live.safety.com and run the Windows Live OneCare safety scanner to check for and remove malware.

· A second phase of the threat may follow; however, Microsoft believes the tremendous attention this worm has received from industry and law enforcement will serve as a deterrent to a large-scale secondary attack.  Microsoft and others in industry are working diligently to limit the impact of any second phase.

· A system infected by Conficker will attempt to infect other systems on a network. The worm spreads in several ways, one of which is by exploiting a vulnerability that was addressed in October 2008 with Microsoft Security Bulletin MS08-067. Conficker can’t infect machines that have the update. But, it can spread in other ways to: systems with weak passwords; machines loaded with an infected removable media such as a USB stick, and machines running outdated anti-virus software—or no anti-virus software. This is why it is critically important for consumers to follow Microsoft’s “Protect Your PC” guidance at www.microsoft.com/protect.  Meanwhile, enterprises should employ a holistic “defense in depth” approach to security.

o For passwords specifically, Microsoft’s ongoing guidance is that individuals adopt “strong” passwords – those with eight characters or more, including letters, numbers and symbols that are easy to remember and difficult for others to guess.    

· Thus far, only two variants of the worm have been discovered – Conficker.A and Conficker.B. Information on these variants can be found on the MMPC Portal or on the MMPC blog.

Helpful Resources:

Find information about how to protect against Conficker and other worms at:

o www.microsoft.com/protect

o http://www.microsoft.com/conficker

o http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

o http://www.microsoft.com/protect/computer/viruses/worms/remove.mspx

o http://www.microsoft.com/protect/computer/viruses/worms/prevent.mspx