CBSN

Microsoft: $5M For Virus Villains

computer worm windows microsoft bug virus
CBS/AP
Microsoft Corp. is creating a $5 million reward program to help law enforcement identify and convict those who illegally release worms, viruses and other types of malicious programs on the Internet.

Microsoft said Wednesday the first two rewards it will offer will be for information leading to the arrest and conviction of those responsible for the spread of the MSBlast.A worm and the SoBig virus unleashed earlier this year.

The company offered $250,000 rewards for each.

Those two malicious programs attacked computers that ran Microsoft's Windows operating system and caused widespread problems for companies and home users earlier this year.

Microsoft executives made the announcement, flanked by representatives of the FBI, Secret Service and Interpol international police agency. Residents of any country are eligible for the rewards, officials said.

"The malicious distribution of worms and viruses…are far from victimless crimes," said Keith Lourdeau, acting deputy assistant director of the FBI Cyber Division. He noted that Internet attacks have cost businesses and home users millions of dollars, with some estimates putting it into the billions.

Microsoft's software has been the target of the most serious Internet attacks over the last two years, and company founder Bill Gates has announced a "trustworthy computing" initiative to focus on improving the security of all of Microsoft's products.

The rewards being posted by Microsoft represent a new tactic by the software giant, which was specifically targeted by the creator of Blaster.

Various versions of the Blaster worm snarled computer networks around the world beginning last August, affecting over a million computers.

The computer worm exploited a security flaw in Microsoft Windows - which was subsequently repaired, with a patch available for download, although many computer users and networks got zapped regardless when they failed to download the patch.

The worm came with two messages: "I just want to say LOVE YOU SAN" and "Billy Gates, why do you make this possible? Stop making money and fix your software!"

Just as computer users were recovering from Blaster, they were hit only days later by the equally hated SoBig virus, which clogged e-mail in-boxes with a ferocity that caused trouble for both networks and individuals.

There was an arrest last August in a related case - Jeffrey Parson, 18, of Hopkins, Minn. - but he is not accused of being the original creator of Blaster, which is also known as LovSan and MSBlast. Parson, whose trial is scheduled to begin Nov. 17 in Seattle, has pleaded not guilty to crippling over 7,000 computers by modifying Blaster and then unleashing it into cyberspace.

If convicted, Parson could be sentenced to as much as ten years in prison, plus fines.

In September, federal authorities in Seattle revealed they had made a second arrest - of an individual whose name is being withheld because the suspect is a juvenile. The crime is the same as Parson: making a variant of Blaster, called "RPCSDBOT," and then distributing it along with its harmful effects.

Even before 2003's many worms and viruses were unleashed on millions worldwide - Microsoft had begun a new campaign to improve computer security, to protect its flagship product, Windows, and convince consumers that it is safe.

"New security risks have emerged on a scale that few in our industry fully anticipated," said Gates, Microsoft chairman, in a January e-mail launching the company's campaign, pointing to estimates that hackers and other electronic attacks caused $455 million in damage to various companies in the year 2001.

At that time, Gates pointed to passwords as the weak link, and said Microsoft will increase its support for their replacement by smart cards, which employ other methods including random numbers to identify authorized users.

This year's harvest of cyber crime has not gone unnoticed in Washington.

Amit Yoran, a vice president from the anti-virus company Symantec, was chosen in mid-September to be the cyber security chief at the Department of Homeland Security.

His mission is strengthening computer networks and convincing Americans to improve their defenses against hackers, disgruntled employees, commercial rivals and foreign governments.

At the same time, the Department announced plans to establish a new Computer Emergency Response Center for Cyber Security. The Center, working with experts at Carnegie Mello University, is charged with protecting against, and responding to, cyber attacks.

It's hoped that by the end of the year, the Center will be able to reduce response time to cyber attacks to just 30 minutes.

While $250,000 would be a big boost to the budgets of most hackers or hacker hunters, the $5 million in reward money will not tax Microsoft' resources deeply. The company had $49 billion in cash on hand according to its most recent annual report.

  • David Hancock

    David Hancock is a home page editor for CBSNews.com.