WASHINGTON — Microsoft announced Wednesday it is offering separate $250,000 rewards for information leading to the arrest and conviction of the instigators of the destructive MSBlast and Sobig viruses.
The bounties are part of a $5 million fund established by the software giant to fight off individuals releasing damaging worms, viruses and other types of malicious codes on the Internet.
“Not only are we concerned with apprehending those individuals who commit computer crimes but we are also committed to limiting the damage done by these criminals to private industry and the public,” said Bruce Townsend, deputy assistant director of investigations at the Secret Service. The decision to join with law enforcement authorities comes at a crucial time for Microsoft, which has seen the virus attacks hurt its bottom line. After releasing fiscal first quarter earnings, Microsoft CFO John Connors told analysts that weak billings for three or four weeks in the late summer following the Blaster virus was one of the factors behind the slowdown in licensing renewals. The slowdown in some licensing renewals came as the viruses were spreading last September. The Microsoft bounty program drew the immediate praise of the Business Software Alliance (BSA).
Microsoft announced the rewards at a press conference here that also included officials from the FBI, Secret Service and Interpol.
“Malicious worms and viruses are criminal attacks on everyone who use the Internet,” said Brad Smith, Microsoft’s SVP and general counsel. “Even as we work to make software more secure and educate users on how to protect themselves, we are also working to stamp out the criminal behavior that causes this problem.”
Smith said the initial decision on how much of a reward to offer was made in consultation with law enforcement officials. He added if more money was needed, Microsoft would supply it.
“These are not just Internet crimes, cyber crimes or virtual crimes,” Smith said. “These are crimes that hurt a lot of people. Those who release viruses on the Internet are the saboteurs of cyberspace, and Microsoft wants to help the authorities catch them.”
Although two arrests were made in connection with the B and C variants of the MSBlast worm, those responsible for releasing the original worm this summer remain at large. The worm was designed to attack Microsoft’s Windows update site, which provides fixes for vulnerabilities in the operating system that dominates the personal computer world.
The Sobig virus, the first variant of which was detected in January, attacked individual machines and e-mailed itself to each e-mail address in the computer’s contact list. No arrests have been made.
“The malicious distribution of worms and viruses, such as MSBlast and Sobig, are far from victimless crimes,” said Keith Lourdeau, acting deputy assistant director of the FBI’s Cyber Division. “Such attacks on the Internet cost businesses worldwide millions — some estimates claim billions — of dollars and wreak havoc on individuals by ruining files, hard drives and other critical data.”
Lourdeau said he hoped to see additional industry-government collaboration to identify perpetrators of malicious worms and viruses.
“Just as in the off-line world, when criminals steal or attack online, authorities need to be able to find and punish them,” said Robert Holleyman, president and CEO of the BSA. “Unfortunately, it is still very hard to identify and prosecute cyber criminals worldwide. Hopefully, this reward program and other ongoing efforts will help change that.”
Holleyman added, “Many cyber crimes are not yet perceived as real crimes. We need to raise awareness globally that computer viruses, worms and other denial of service attacks are not clever acts of mischief, but serious crimes that cause major economic damage, or worse.”