Security threats Toolkit

Microsoft offers bounty for creator of MyDoom variant

Tags:
Reward,
$250,
000,
Creator

Published: 30 Jan 2004 08:15 GMT

Microsoft announced on Thursday that it will offer $250,000 (£136,563) for information leading to the capture and conviction of the individual or group responsible for the release of MyDoom.B.

The original MyDoom virus started spreading on Monday and quickly swamped the Internet. The MyDoom.B variant appeared on Wednesday and, among other things, prevents an infected PC from accessing some Microsoft Web sites and targets Microsoft's main Web site with a denial-of-service attack due to start on 1 February.

"When we looked at the B variant, we found it to be much more malicious," said Sean Sundwall, a spokesman for the software giant. "It's not that we think the person who wrote the original [virus] is not just as culpable."

The reward is the third time Microsoft has posted a $250,000 "Wanted" sign on the Internet. It offered the same amount for information leading to the capture and conviction of the persons or groups responsible for releasing the MSBlast worm and the Sobig.F virus.

Microsoft's reward is the second prompted by the MyDoom epidemic. The SCO Group announced on Tuesday that it is offering $250,000 for information that leads to the capture of the writer of the original virus. Both the original MyDoom virus and the modified version released on Wednesday target SCO's Web site with a denial-of-service attack.

While the people who have released variants in the past haven't been considered to be as malicious as the original virus writer, Microsoft's Sundwall said the modified MyDoom seems much worse than the original. It overwrites the original and attempts to block an infected computer's access to sites that could host important security updates.

"And it attacks us (at Microsoft), of course," Sundwall said.

Computers infected by the variant are expected to begin to deluge the Web sites of Microsoft and the SCO Group with traffic from 1 February, or the first time they are turned on after that, until 12 February, or when they are shut down after that. It is likely that the attack will be difficult to stop, because it will just appear to be regular attempts to access the Web sites.

Neither the FBI, which should be contacted with tips, nor Microsoft, have indicated what, if any, progress has been made tracking down the two perpetrators, for which rewards have already been offered.