Microsoft Corp. on Wednesday announced the creation of a $5 million fund to be used to reward people who turn over information leading to the conviction of virus writers.
To kick off the program, Microsoft offered rewards of $250,000 each for information that leads to the arrest of the authors of two recent viruses, Blaster and SoBig.F. The company announced the offers at a press conference in Washington in conjunction with the FBI, Secret Service and Interpol.
The idea is a novel one in the security community and attempts to exploit the greed that motivates some crackers and online criminals. The virus-writing world is a small one, and experts say that many virus creators know one another and who is behind which outbreaks. However, like most criminals, these people are loath to cooperate with law enforcement, a fact that has hampered the ongoing investigations into Blaster and SoBig.F.
Both viruses hit in August and, like most viruses, affected users running Microsoft products. Blaster exploited a hole in the Windows RPC DCOM interface, while SoBig.F went after Outlook.
“Worms and viruses are criminal acts on the international Internet community. These are real crimes that affect real people,” said Brad Smith, senior vice president and general counsel at Microsoft, based in Redmond, Wash.
Some security experts said Microsoft’s efforts could act as a strong deterrent for people considering releasing a virus. “It will make people think about it a little harder. Hackers turn on each other all the time, and there’s nothing binding them together,” said Pete Allor, manager of X-Force Threat Intelligence Services at Internet Security Systems Inc., in Atlanta. “Microsoft has raised the bar on what it means to work with law enforcement. I think we’re all collectively tired of these guys.”
Representatives from the FBI, Secret Service and Interpol all lauded Microsoft for creating the reward program, but warned that the money would likely not be enough to prevent virus writers from creating and releasing new malware. Still, they said that the cooperation with Microsoft is an important step.
“It’s true that law enforcement doesn’t have all the answers, and it’s absolutely true that the private sector doesn’t have all the answers. That’s why it’s important that we cooperate,” said Peter Nevitt, director of information systems for Interpol.
Smith said Microsoft will evaluate whether to offer a reward for future virus writers on a case-by-case basis.