With as many as 12 million computers infected with the Conficker worm, Microsoft is calling for some Web bounty hunters to step forward. The company said today that it will pay up to $250,000 for information that leads to the arrest and conviction of whomever is behind the worldwide worm.
The slippery code has spread at an alarming rate. It first sneaked onto machines in 2008 through a hole in Windows. Microsoft patched up the vulnerability in October, but Conficker can still spread through USB flash drives and slither through networks by guessing usernames and passwords.
The PC worm doesn't seem to harm machines. But it continually phones home for updates. Security experts worry that one of those future additions could command all infected computers to launch a denial of service attack or turn the Conficker worm into a malicious bug.
Microsoft has teamed up with Internet stewards and security companies to stop the worm from evolving. At first, that task seemed daunting. When Conflicker calls in for updates, its logs into a different Web address ever time. Its designer created a "pseudo-random" chain of new online domain names that exist only to deliver the next update.
The alliance against Conficker recently cracked the code that generates the next name and is now blocking access to those domains.
CNET reports that, despite this breakthrough, the worm in still on the loose.
Over the past five days, Symantec has observed an average of 453,436 IP addresses infected per day with W32.Downadup.A and 1.7 million IP addresses infected per day with W32.Downadup.B, the company said in a blog posting.
"W32.Downadup is the first successful worm to target a vulnerability in a remote service since W32.Sasser in 2004, and in doing so it has shown that the Internet is still a successful breeding ground for worms," Symantec said.