To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39118018,00.htm

SCO puts $250,000 bounty on MyDoom virus writer's head
Will Microsoft add to the bounty?

By Robert Lemos

Published: Wednesday 28 January 2004

The controversial SCO Group has offered $250,000 for information leading to the arrest and conviction of the person or group responsible for creating the MyDoom virus.

The company also said on Tuesday that it is working with US Secret Service and FBI to identify the author of the virus. Also known as Novarg and Mimail.R, MyDoom spread quickly across the internet on Monday, travelling as an email attachment and infecting PCs whose users opened the file. The program instructs infected PCs to send data to SCO's web server from 1 February to 12 February, essentially flooding the website and making it inaccessible.

SCO has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

SCO's website was knocked offline by denial-of-service attacks several times in the last year, none of which had been initiated by a virus.

Darl McBride, president and CEO of SCO, said in a statement: "This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organisations around the world. The perpetrator of this virus is attacking SCO, but hurting many others at the same time...This is criminal activity and it must be stopped."

Offering a reward for an online attack has been tried before, with little success.

Microsoft announced in early November that the company had created a $5m fund to reward those who help convict specific virus writers. As part of the announcement, Microsoft offered two $250,000 rewards for the individuals or groups that released the MSBlast worm and the Sobig.F mass-mailing computer virus.

Some security researchers also believed Microsoft could place a bounty on whoever released the MyDoom because of the wide impact of the virus. About one in every 12 messages being sent through the internet late Monday and early Tuesday contained the virus, said email service provider MessageLabs.

"We are already ahead of Sobig," said Thor Larholm, senior security researcher for digital security firm PivX Solutions. "If Microsoft is serious about their efforts to capture virus writers, they will definitely put out a bounty on this one."

A Microsoft representative wouldn't comment, except to say that it's too early to make a decision.

The FBI has stated that the current bounties have prompted many leads, but hasn't yet quantified the response nor described the quality of the information.

SCO spokesman Blake Stowell said that any chance of catching the perpetrator would make the money worth it.

"Frankly we are sick of these things taking place," he said.

Other viruses have launched denial-of-service attacks against some high-profile sites. The MSBlast worm launched an attack on Microsoft's Windows Update service by sending data to windowsupdate.com. However, the company was able to sidestep the attack by removing the addresses from the internet's domain names service, the equivalent of the yellow pages for websites.

The White House similarly stymied a denial-of-service attack aimed at its website by systems infected with the Code Red worm by diverting the deluge of data to a different address.

Robert Lemos writes for CNET News.com