Maybe MSFT Isn’t Serious About It’s $250k Conficker Reward?

A few days ago, Microsoft made a big announcement about a $250,000 bounty to help catch the creators the Conficker Worm. We covered that bounty story in Data Security Podcast Episode #40.  The only problem: Microsoft apparently didn’t tell anyone WHO to contact if you are a successful bounty hunter and have information.

According to the Microsoft’s press release, “Microsoft Corp. announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. .. Microsoft also announced a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code…”

And the press release talks on about how important it is for the security community to work together to fight these attacks. There quotes from ICANN, and a link to where one can get information about the Conficker worm. There is even a blurb about Microsoft’s past efforts in putting up bounties to catch bad guy. And the world wide tech press has picked up this sexy story, since the bounty is payable to anyone, anywhere, due to international law, and the global scope of this, and other similar, attacks.

The press release even gives links that one can follow to get Microsoft’s suggestions for protection from Conficker, and general “stay safe online” tips. There are even links to geting more information about the big software company based in Redmond, just in case you were wondering who this company Microsoft is or was.

But, here is the rub: There is no contact information provided for the would-be bounty hunter. Not a name, not an email address, not a web site, not even a name for the posse of supporters that have been assembled in the name of catching these malware writing varmints.

What part of customer service does Microsoft not understand?

I did a number of web searches, and read numerous press accounts of this bounty. But not one that I read gives any information on WHERE and HOW a bounty hunter collects his reward. Has journalism become so sloppy that the WHERE and the HOW is no longer asked by a reporter. Doing a story is more than just a press release “cut and paste job.”

I invite any reader of this column to locate the information to help all those would-be bounty hunters. If you find it, let me know the information, and the source of your research results.

One Response to “Maybe MSFT Isn’t Serious About It’s $250k Conficker Reward?”

  1. David Oxley Says:

    From: http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.aspx

    “Individuals with information about the Conficker worm are encouraged to contact their international law enforcement agencies. Additionally, Microsoft has implemented an Antivirus Reward Hotline, 1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com, where tips can be shared.”

    Guess they are serious. Somewhat.

    IV> Well Done David Oxley! David writes and interesting blog.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: