Information Security News mailing list archives

Microsoft offers reward for MyDoom.B leads


From: William Knowles <wk () c4i org>
Date: Fri, 30 Jan 2004 07:49:28 -0600 (CST)

http://news.com.com/2100-7349_3-5150469.html

By Robert Lemos 
Staff Writer, CNET News.com
January 29, 2004

SEATTLE -- Microsoft announced on Thursday that it will offer $250,000
for information leading to the capture and conviction of the
individual or group responsible for the release of MyDoom.B.

The original MyDoom virus started spreading on Monday and quickly
swamped the Internet. The MyDoom.B variant appeared on Wednesday and,
among other things, prevents an infected PC from accessing some
Microsoft Web sites and targets Microsoft's main Web site with a
denial-of-service attack due to start on Feb. 1.

"When we looked at the B variant, we found it to be much more
malicious," said Sean Sundwall, a spokesman for the software giant.  
"It's not that we think the person who wrote the original (virus) is
not just as culpable."

The reward is the third time Microsoft has posted a $250,000 "Wanted"  
sign on the Internet. It offered the same amount for information
leading to the capture and conviction of the persons or groups
responsible for releasing the MSBlast worm and the Sobig.F virus.

Microsoft's reward is the second prompted by the MyDoom epidemic. The
SCO Group announced on Tuesday that it is offering $250,000 for
information that leads to the capture of the writer of the original
virus. Both the original MyDoom virus and the modified version
released on Wednesday target SCO's Web site with a denial-of-service
attack.

While the people who have released variants in the past haven't been
considered to be as malicious as the original virus writer,
Microsoft's Sundwall said the modified MyDoom seems much worse than
the original. It overwrites the original and attempts to block an
infected computer's access to sites that could host important security
updates.

"And it attacks us (at Microsoft), of course," Sundwall said.

Computers infected by the variant are expected to begin to deluge the
Web sites of Microsoft and the SCO Group with traffic from Feb. 1, or
the first time they are turned on after that, until Feb. 12, or when
they are shut down after that. It is likely that the attack will be
difficult to stop, because it will just appear to be regular attempts
to access the Web sites.

Neither the FBI, which should be contacted with tips, nor Microsoft
has indicated what, if any, progress has been made tracking down the
two perpetrators, for whom rewards have already been offered.



-
ISN is currently hosted by Attrition.org
