Redmond (WA) – Microsoft said it has organized a global response to the Conficker (Downadup) worm to disable domains targeted by Conficker. For the fifth time, Microsoft announced a $250,000 bounty to find the source of the worm – a strategy that's worked four times already, and most recently led to the conviction of the author of the Sasser worm back in 2005.


Called a “reward program”, Microsoft said that the bounty is based on the firm’s “recognition” that launching the code into the wild was a “criminal attack”.

“Microsoft wants to help the authorities catch the criminals responsible. Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide,” the firm said in a statement. “Individuals with information about the Conficker worm should contact their international law enforcement agencies.”

Similar initiatives were announced in November 2003 to find the authors of the Blaster and Sobig worms, in January 2004 to find the author of MyDoom.B  and the source of the Sasser worm in May 2004.

However, Microsoft is also looking for ways and partnerships to defend users from such threats. “As part of Microsoft’s ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers,” said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft. “By combining our expertise with that of the broader community we can expand the boundaries of defense to better protect people worldwide.”

“The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together,” said Greg Rattray, chief Internet security advisor at ICANN. “ICANN represents a community that’s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.”

Along with Microsoft, organizations involved in this collaborative effort include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.