Microsoft and a number of industry leaders - including ICANN, VeriSign, Symantec and AOL - have joined forces to fight the spread of the Conficker worm. As part of the effort, Microsoft announced a $250,000 reward for information leading to the arrest and conviction of anyone involved with the spread of the malware.
Microsoft has teamed with Symantec, AOL and other industry leaders to battle the Conficker worm.
Working with security researchers, ICANN (Internet Corporation for
Assigned Names and Numbers) and operators within the domain name
system, Microsoft has coordinated a response designed to disable domains targeted by Conficker
Microsoft also announced a $250,000 reward for information that leads
to the arrest and conviction of anyone responsible for pushing
Conficker throughout the Internet.
"As part of Microsoft's ongoing security efforts, we constantly look
for ways to use a diverse set of tools and develop methodologies to
protect our customers," said George Stathakopoulos, general manager of
Microsoft's Trustworthy Computing Group, in a statement. "By
combining our expertise with the broader community we can expand
the boundaries of defense to better protect people worldwide."
The worm, also known as Downadup, first appeared on the scene late
last year targeting a flaw in Microsoft's Server service.
However, the most prolific variant, identified by Microsoft as
Win32/Conficker.B, spreads not only through the Windows flaw but also
via network shares by logging into machines that use weak
passwords. It also spreads through removable media.
Having multiple attack vectors has paid off for the worm, as
security vendors reported last month it had infected as many as nine
million Windows PCs.
New tactics and a greater level of industry coordination are
required to fight evolving cyber-threats, a Microsoft spokesman said.
The aim here is to unify the multiple initiatives that have been
launched within the security industry and academia to implement a
community-based defense against Conficker, the spokesman added.
Along with Microsoft, organizations involved in this collaborative
effort include: ICANN, VeriSign, Afilias, Public Internet Registry,
AOL, Symantec, F-Secure, Arbor Networks, and several others.
"Symantec continuously strives to find innovative ways to protect
customers from threats, including working with industry partners to
safeguard users from financial and personal information loss," said
Vincent Weafer, vice president of Symantec Security Response, in a
statement. "As attackers are becoming increasingly competitive in
the distribution of their attacks and are leveraging widespread numbers
of compromised systems, it is critical for leading industry leaders to
combine their resources to more quickly and effectively combat
widespread threats such as Downadup (Conficker)."
Microsoft has opened up the award to residents of any country
according to each nation's respective laws. Individuals with
information about the Conficker worm should contact their international
law enforcement agencies, a Microsoft spokesman said.