Virus writers reportedly are talking tough about Microsoft’s bounty offered in exchange for information leading to the arrest and conviction of major malware authors, downplaying its effectiveness and calling it just a publicity stunt.
Security experts differed on the likely effectiveness of Microsoft’s plan, which has put a quarter-million-dollar price tag on the heads of those responsible for the SoBig and Blaster worms, with a US$5 million fund for more bounties in the future.
Ken Dunham, iDefense malicious code intelligence manager, told TechNewsWorld that although recent arrests and the Redmond, Washington-based bounty have virus writers talking, the measure will not likely affect the most talented and threatening authors.
“The upper echelon of attackers continue to attack at will, and they don’t give a rip whether there’s a bounty or not,” Dunham said.
Hunted and Hiding
Other security experts, such as Symantec Research Labs chief architect Carey Nachenberg, view Microsoft’s bounty — which the company unveiled as a collaborative effort with police and investigators — as a positive development in the battle against virus writers.
“It really demonstrates to people who write and distribute malicious code that not only is Microsoft serious about this, so is law enforcement and the international community,” Nachenberg told TechNewsWorld.
However, Dunham — who argued international cooperation will be the biggest hurdle in hunting down malware authors — said arrests in the Blaster variant cases and Microsoft’s bounty have driven more virus writers out of plain view.
“Some of these guys definitely are scared,” he said. “They’re talking about the FBI, but they’re not talking about things in public channels anymore.
“The heat is up, and guys who have a lot to lose are laying low,” Dunham added.
Goading Their Glory
Nachenberg contended that with the heavy reliance on information sharing among virus writers, driving their overt communications out of sight makes sense.
“There’s a fair amount of sharing of technology and know-how; if this reduces that, it’s only positive,” he said.
The security researcher also said that by reducing the notoriety of virus authors — a demographic of 14- to 24-year-old males — the Microsoft bounty reduces incentive for many of them.
“If they do get notoriety, it will be much easier to catch them,” Nachenberg added.
Marketing and Motivation
While Microsoft has indicated it might allocate even more funding if its bounty strategy proves to be successful, virus writers already are doubting its effectiveness and calling it a marketing ploy.
However, Nachenberg said the bounty could put the entire virus-writing community on notice because those who write malicious code could be caught more easily with prices on their heads. “[Virus writers] have a lot to lose if they are caught,” he said.
Dunham argued that while “script kiddies” or low-level virus writers could be deterred by the bounty, more advanced attackers — including organized crime rings that use viruses to steal money or information quietly — will not be turned back.
“For the guy who’s doing it for money, it’s going to take a pretty strong deterrent to prevent them from doing what they’re doing,” he said. “Really, you have to have more than a $250,000 bounty. You need the right connections of authorities, tools and techniques.”