Microsoft Reward Leads to Arrest of Sasser Suspect
tritone writes "According to this article on CNET, it was a reward from Microsoft that led to the arrest of the perpetrator of the Sasser Windows Worm. This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."
Oh, guess what ... (Score:2, Interesting)
Microsoft Rewards (Score:5, Interesting)
Suggestion, instead of suing security companies who find and point out vulnerabilities they should implement rewards there. For example, if xyz security found a vulnerability they could either
A: release it to the news/public and risk MS ire
or
B: Submit it confidentially to the MS bug track for a hefty reward
Yes, that lacks disclosure but it is a healthier system than now exists.
Looking forward to the fallout... (Score:5, Interesting)
I wonder what kind of deals are being offered right now for him to turn in friends and information? I wonder what is on his computer? All it takes is one informant for the police to get warrants to search all his friends' and known acquaintances' computers, so I am thinking there will be a bigger fallout than just one guy. I just hope they don't let the big fish off the hook to get 10 smaller fish.
I wonder if this will be the start of the dominos falling. He turns in his friends, who in return turn in their friends. Then next thing you know the FBI is knocking on your door asking to look at your computer. In some ways, I welcome that. It gets to be exhausting fixing computers from all the viruses and spyware and crap.
I am just glad that with him in jail there will be more security. One less bad guy to worry about.
Re:Good (Score:4, Interesting)
Well, it maybe worked once. The people turning the guy in might have done it even if the reward wasn't available.
Microsoft announced the reward program almost a year ago and that this is the first worm actually resulting in a claim suggests, in fact, that the reward program is mostly a failure.
c.
I reckon it's a PR exercise. (Score:3, Interesting)
I think this is utter tosh. Microsoft tried to make out the blaster worm was coded by some 17 year old last time.
They want us to think 'oh all these viruses are caused by naive kids with something to prove';
which is less scary than the truth that worms are coded to order by people with maths degrees for criminal gangs who want to use your pc as a conduit for illegal material.
This could lead to another attack on Linux... (Score:4, Interesting)
But FOSS doesn't pay me to turn in a virus writer.... so why should I...???
greed..... it's been a constant in the computer industry... no doubt about it.
I wonder if Microsoft will actually up the $$$ (Score:3, Interesting)
Re:Oh, guess what ... (Score:1, Interesting)
Let's say that 10 viruses get released, each by a different person. 10 x $5million = lots of money, even for a corp. as large as Microsoft.
here's a better reward (Score:1, Interesting)
Carving his niche? (Score:2, Interesting)
Re:More validation of Microsoft's central philosop (Score:3, Interesting)
Except secure code, apparently.
This whole reward thing is nothing more than a PR move. Microsoft comes out looking like the hero for offering the reward which led to the capture of some kid, masking the fact that their crappy code allowed this to happen.
Two questions arise from this:
- What will be the fallout in terms of orgs moving to non-MS platforms (MacOS, Linux, etc)?
- By most accounts, this particular virus/worm was very poorly written. My understanding is that this is also true of most of the other recent viruses. How long will it be before someone writes a virus for win32s which is truly destructive, in terms of things like writing random data in random places (sector 0, anyone?) on the disk, or scrambling the BIOSes and firmware of things like HDDs making them completely unusable?
And before we suggest that the damage was limited to broadband home users who don't patch their machines, consider that orgs like these were taken down: a few banks, at least one coast guard station, St Luke's Hospital, Delta Airlines, and the list goes on.
Re:Looking forward to the fallout... (Score:3, Interesting)
Mmmm, not so sure about that. Many of his friends are in his address book probably listed as "32ggy99", "bigbuster" or whatever. Given the use of mainly IRC for communication, chances are that this suspect is completely in the blue who his buddies are.
Re:Why? (Score:3, Interesting)
A good example I think is a problem a friend had last week. He had just installed XP Pro and within minutes of the installer finishing he had been infected with the Blaster virus. He couldn't download the fix or install a virus scanner because the machine would always reboot itself before he could complete the installation of either! And because it was his only computer he had no way of downloading the fix and applying it offline.
I know XP can check for updates during install, I don't know if he skipped this step or if it wouldn't have installed a Blaster fix anyway, but the problem is that the OS was practically useless within minutes of install.
Now while this might not be a problem for the techno-savvy guys around here, my friend is just your average person who knows enough to know the CD tray isn't a cup holder.
I think Microsoft should at least try to architect their software so that critical flaws cannot be exploited within minutes of the install finishing. The basic solution I can see for this is that the OS should not allow any network connections (except to microsoft.com) to download any necessary security updates. Once these have been installed the system should be allowed to see the rest of the web.
Exactly... (Score:3, Interesting)
Re:Why? (Score:3, Interesting)
Same thing with fire axes, tow trucks, arc welders, and all sorts of other things.
Outlawing something because it has "little legitimate use unless one is in a very narrow band of professions" is bad law. For example, how am I going to enter that profession? What constitutes little? Does a coat hanger count as a "lockpick"? What about a car antenna (I used my own to break into my car a couple times)? How is someone supposed to come up with the latest and greatest lock design when they can't try to pick it?
We shouldn't be in the habit of punishing someone because they MIGHT do something wrong. We should wait until they actually do something wrong and THEN punish them.
Sure, that makes more work for the police since they have to catch you doing something that hurts another person, but that's their fucking job.
It's like convicting someone of murder because they have a gun in their house, without needing to establish that it was their gun that was actually used, or that they fired it, or that a specific person was actually murdered.
Must have been a very close friend (Score:3, Interesting)
I wouldn't be surprised if one of his friends from this peer group is the one who reported him. After all, the whistleblower also sent source code as proof to Microsoft Germany before the authorities stepped in - he must have been in direct contact with the author and may even be a co-author.
I still don't know what to make of this. I don't like bad hackers writing worms, but I don't like the reward program, either.
seems like having the right guy isn't in question (Score:2, Interesting)
According to this news (German) the 18 year old guy they arrested confessed having coded and released Sasser and several NetSky variants, when his home was searched by the authorities.
However I guess the guy who betrayed him by sending MS code fragments might be in trouble, too, because if he did know the author was coding a virus and he didn't inform the authorities to prevent release, but afterwards reported to MS to take the bounty, he might have acted slightly illegally, too.
(German authorities seem to have gained knowledge by US authorities who gained knowledge from Microsoft - a little bit indirect if you ask me)
Corvus