News

Microsoft Offers Bounties for Virus Outlaws

Stung by brutal virus attack after brutal virus attack on its core products, Microsoft is fighting back with a $5 million reward fund for those that turn in virus authors.

• By Doug Barney
• 11/06/2003

Already half a million dollars is earmarked for the arrest of the authors of the MSBlaster and Sobig viruses.

Microsoft first hinted of such a fund at last month's Microsoft Worldwide Partner Conference in New Orleans. An audience member proposed the fund to Microsoft CEO Steve Ballmer, who liked the idea, and suggested that it was something Microsoft might very well be working on.

These viruses are a big black eye for Outlook, the world's most popular e-mail client and a popular haven for viruses, as well as Microsoft applications and operating systems targeted by a crafty and morally bankrupt array of virus mongers who hide behind spoofed IP addresses and mail relays. These criminals have been loathe to turn on their own, an attitude Microsoft plans to change with some cold, hard cash.

Microsoft hopes that other concerned parties find similar ways to hunt down virus authors, but the company so far is backing this fund.

At the partner conference, Ballmer stressed that Microsoft would only offer a reward in conjunction with law enforcement. And indeed, at the press conference this week Microsoft executives were flanked by FBI and U.S. Secret Service officials.

"It's a partnership approach: we present a reward to draw out information, and law enforcement agencies then use those leads in their investigations. Persons with information should go directly to the law enforcement agencies by calling their local FBI or Secret Service office or the Interpol National Central Bureau in any of Interpol's 181 member countries or by going to the FBI Internet Fraud Complaint Center Website," explained Hemanshu Nigam, corporate attorney in the Digital Integrity Group within Law & Corporate Affairs at Microsoft.

To qualify for the reward, you must provide "information that results in the arrest and conviction of those responsible for illegally launching malicious code on the Internet,' Nigam said.

For now, all rewards are for virus authors who target Microsoft products, Nigam said.

Microsoft will set rewards based on the potential destructive impact of the virus or worm, and will not offer rewards for all 200 to 300 new viruses found each month.