Microsoft Sets Up Reward Fund To Help Authorities Find Hackers
With its products beset by security flaws and viruses, Microsoft Corp. set up a $5 million reward fund for information that helps law enforcement in hacking investigations.
The announcement came a day before the Federal Trade Commission was to warn of another potential security flaw in Microsoft software that affects millions of personal computers, especially those using high-speed Internet cable service.
The first $500,000 of the reward fund is earmarked for information leading to the arrest of the initial author of the latest attacks, the MSBlast worm and SoBig virus, which disrupted millions of computers world-wide this year. So far, law-enforcement authorities have arrested three people in connection with releasing variants, but the original writers haven't been caught, said Keith Lourdeau, acting deputy assistant director of the Federal Bureau of Investigation.
"These aren't just Internet crimes, cyber crimes or virtual crimes," said Microsoft Vice President Brad Smith. "These are real crimes that disrupt the lives of real people."
Viruses and other security problems are no longer a minor annoyance for Microsoft . In reporting financial results for the quarter ended Sept. 30, the software company disclosed that sales to corporations had been hurt by the Blaster worm, the first time the company had acknowledged financial harm from a malicious program. Microsoft didn't quantify the effect from the individual worm but indicated its sales people had to cope with the issue when dealing with corporate customers.
The problems are also affecting competition. The Linux operating system has become a popular alternative to Microsoft's Windows on midsize computers called servers, and hasn't been targeted so widely by writers of viruses and worms. "A lot of large organizations are deploying Linux," said Chris Belthoff, a senior security analyst at Sophos Inc., a Boston maker of security software. "One of the reasons is because of the perceived security of Linux." The only other surviving Windows rival, Apple Computer Inc.'s Macintosh computers, also are largely virus-free.
Mr. Belthoff thinks Microsoft's bounty should help bring arrests and change public perception that writing malicious programs is a criminal act, not a prank. "I can count on less than 10 fingers the total number of people who have been brought to justice for writing viruses," he said, calling it "a pretty poor success rate" given the thousands of viruses in existence.
The FTC's expected announcement Thursday will focus on a vulnerability in a Windows feature known as the Messenger Service, which is designed to let system administrators communicate with users on a network; it also allows hackers to capture users' computers when they are online. The FTC's investigation has focused on small companies that exploit the feature to sell such things as pornography.
Microsoft isn't a target of the inquiry but hasn't done enough to warn the public, a law-enforcement official said late Wednesday.
A Microsoft spokesman said the feature had become largely obsolete, and is unrelated to the company's MSN Messenger instant-messaging product. "People have found a way to abuse that feature, and we are strongly considering disabling it in the next update of Windows," said Sean Sundwall, a Microsoft spokesman.
The reward announced Wednesday is the first offered for malicious codes and is part of three-pronged focus, officials said, including girding operating software to prevent attacks, keep the user community updated on how to protect itself and close cooperation with law enforcement.
FBI officials say that at any given time there are as many as 70,000 malicious codes circulating in cyberspace. The bureau has created more than 50 cybercrime task forces around the country, many staffed by people with graduate level degrees in computer science and programming.
Peter Nevitt, director of information systems for Interpol, said Wednesday that the issue is clearly an international one now, and a priority. "The newest domain in which we have begun to focus our attention is in [information] crime," he said. Mr. Nevitt said the countries hardest hit by hackers are the wealthy, developed nations, while many hackers come from countries with slow economies and high youth unemployment.
微软重金缉拿病毒制造者
微软(Microsoft Corp., MSFT)宣布,公司设立了500万美元的奖励基金,用于奖励那些提供信息使破坏性电脑病毒的散播者被绳之以法的人,并悬赏各25万美元寻找“冲击波”(Blaster)和“大无极”(Sobig)病毒的制造者。
这两种恶性病毒在今年夏季末袭击了运行微软Windows操作系统的电脑,并重新引发了人们对微软及其软件安全性的指责。微软随后增强了被称之为“可信赖计算”的反病毒计划,以增强其软件的安全性,并协助客户采取安装防火墙和反病毒软件等防御性措施。
微软和司法部门希望,“冲击波”和“大无极”制造者的悬赏能够使司法部门将其绳之以法,而奖励基金将防止今后的病毒袭击事件。据某些人估计,恶性电脑病毒所造成的损失已达数十亿美元。
微软副总裁布莱德?史密斯(Brad Smith)说,“制造病毒不仅仅是一种互联网上的犯罪行为,或者说是虚拟犯罪,它已经破坏了人们真实的生活”。
病毒及其他安全问题对微软来说已经不再是小麻烦。该公司在公布截至9月30日的财季业绩报告时,首次承认病毒已经对公司的财务状况构成负面影响。
此外,这个问题还关系到公司之间的竞争。作为微软“视窗”(Windows)操作系统的替代品,越来越受欢迎的Linux操作系统还并没有成为病毒制造者的普遍攻击目标。
位于波士顿的安全软件制造商Sophos Inc.的资深安全分析师克里斯?贝尔托夫(Christ Belthoff)说,很多大公司或机构都开始安装Linux操作系统,这其中的考虑之一就是安全性。另外一个在与“视窗”竞争中仅存的竞争对手──苹果电脑(Apple Computer Inc.)的Macintosh电脑也很少受到病毒袭击。
贝尔托夫说,微软这步棋很积极,它可以促使更多病毒制造者落网,使公众开始认识到:制造病毒是一种犯罪行为,并不是开玩笑。
