Virus writers undeterred by Microsoft bounty

Antivirus companies say malware writers are undeterred by Microsoft’s $250,000 bounty after discovering another variant of the mass-mailing worm MyDoom over the weekend.

Since the start of 2004, the people responsible for creating MyDoom and Netsky have released on average more than one new variant every week. The latest version includes a message warning antivirus researchers to expect more of the same.

According to Finnish antivirus firm F-Secure, the latest worm’s code included the following text: "we will work with MyDoom, P2P worms and exploit codes… we will attack F-Secure, Symantec, Trend Micro, Mcafee etc".

Mikko Hyppönen, director of antivirus research at F-Secure said he is surprised that the group is still creating new variants when they know that Microsoft has offered a large reward if they are captured.

"It's pretty astonishing these guys just keep pumping out new variants when they know several people are actively trying to find out who they are - to collect the $250,000 bounty offered for their head," said Hyppönen.

John Donovan, managing director of Symantec in Australia, said it is likely the group is based in a country without any specific anti-malware laws so even if they are caught they are unlikely to face prosecution.

"The price on their heads is only good if they are in a country where they can get arrested for it. Most countries in the world have no legislation against the development of malicious code. In Australia they would be fined $1m or face ten years in prison," said Donovan.

There are two basic types of malware writer, said Donovan. One is looking for fame while the other is after money. The second group concerns him the most.

"These are people trying to develop malicious code that is undetectable. They don’t care what anyone else is writing, they do not want to trash systems and they certainly do not want to get into public slagging matches," said Donovan.

According to Donovan the bounty is less likely to worry the second group because they could be making a lot of money from illegal activities.

"They will write malicious code or tap into systems and sell information the highest bidder. They are not there for the notoriety; they are there to get cash. Potentially there is more money to be made being part of these gangs than collecting a bounty against them," said Donovan.

Microsoft did not comment on its bounty programme.

Munir Kotadia writes for ZDNet Australia