Microsoft puts $250,000 price on botnet operators' heads

Posted by Emma Woollacott

Microsoft's offering a $250,000 reward for information leading to a successful criminal conviction for the Rustock botnet.

Microsoft and its partners successfully took the botnet down in March, to great effect: global spam leves dropped by a third.

The botnet had enslaved as many as a million computers worldwide, spewing out billions of spam emails every day. It advertised counterfeit or unapproved versions of pharmaceuticals, and, says Microsoft, violated Microsoft and Pfizer trademarks.

However, Microsoft's investigation into the botnet appears to have been slowing in pace, and the company is now appealing for help.

"While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions," says Richard Boscovich, senior attorney in Microsoft's Digital Crimes Unit.

"Microsoft has already been gathering strong evidence in our ongoing investigation and this reward aims to take that effort a step further."

It's not the first time Microsoft has put a price on someone's head; eight years ago, it (unsuccessfully) offered a similar amount to anyone that would help catch the creators of the Blaster and Sobig worms.

Microsoft says the reward will be given to residents of any country, so long as they can provide unique information that leads to a conviction.

"You will need to rat out your buddies to the point that they get convicted in a court of law, and you'll need to be the only person who does so," says Paul Ducklin of security firm Sophos.

"You may have to pay tax on the reward, too, depending on the regulations where you live, how law-abiding you are, and how willing you are to let it be known where you got the money."

If you know who dunnit, email the company at avreward@microsoft.com.