Microsoft is offering a reward of $250,000 for information that leads to the arrest and conviction of whoever is responsible for creating the Conficker Internet worm that has infected millions of PCs worldwide. The worm, which started circulating in October 2008, spreads through a hole in Windows systems, exploiting a vulnerability that Microsoft patched in October. It also spreads via USB FLASH drives, and shared networks by guessing passwords and usernames. Once in a computer it digs deep, setting up defences that make it hard to extract. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks and capital letters. Microsoft is offering the cash reward because it views the Conficker worm as a criminal attack. “People who write this malware have to be held accountable” said George Stathakopulos from Microsoft's Trustworthy Computing Group. The virus reports in to its creators for updates by visiting a web domain. It generates the name of the domain itself using a complicated code which security firms have cracked to track the growth of the worm and block its progress. Malware such as Downadup can be triggered to steal data or turn control of infected computers over to malicious hackers which pool them into larger armies of so-called botnets. These networks of compromised machines can be used to send spam, as dead drops for stolen or pirated data and to launch attacks on other machines. Experts say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch - also known as KB958644. Microsoft has also partnered with security companies, domain name providers, academia, internet companies such as AOL and others on a co-ordinated global response to the worm. Also included is the US Department of Justice and the Department of Homeland Security.
