Q&A: Microsoft Establishes Anti-Virus Reward Program



Hemanshu Nigam, Corporate Attorney, Digital Integrity Group, Microsoft Law & Corporate Affairs.

REDMOND, Wash., Nov. 5, 2003 — Anyone who has lost files or work due to a computer virus or worm knows the frustration and aggravation such events cause. Multiply that by the number of people and businesses impacted by the attack, and add in the cost of replacing or rebuilding the damaged or lost files, systems and even hardware, and the magnitude of the problem becomes clear. Most notably, the MSBlast worm and Sobig viruses have caused millions in damages worldwide and inconvenienced millions of businesses and consumers across the globe.

Despite the heavy costs of such crimes, tracking and pursuing those who illegally launch destructive code can be very difficult. Law-enforcement agencies use all means at their disposal, including sophisticated investigative techniques. Despite these efforts, criminals can escape prosecution because gathering the evidence necessary to identify them online is very difficult; for example, an attacker might use spoofed IP addresses that are very difficult to trace. Many online attackers have been apprehended, but many more including those who spread MSBlast.A and Sobig remain unfound.

To supplement online investigations, Microsoft has announced an old-fashioned criminal-justice tactic to help solve a modern-day problem — a monetary reward.Initially funded by Microsoft with US$5 million, the Anti-Virus Reward Program will help the Federal Bureau of Investigation and the United States Secret Service, in coordination with Interpol, to identify and arrest those who commit crimes by illegally unleashing malicious viruses and worms on the Internet. In particular, Microsoft is offering two rewards of $250,000 each for information that results in the arrest and conviction of those responsible for launching the MSBlast.A worm and Sobig virus.

To find out more about the program, PressPass spoke with Hemanshu Nigam , corporate attorney in the Digital Integrity Group within Law & Corporate Affairs at Microsoft.

PressPass: What is the Anti-Virus Reward Program?

Nigam: Microsoft is creating a program, initially funded with $5 million, that provides a reward for information that results in the arrest and conviction of those responsible for illegally launching malicious code on the Internet. Our first targets are the MSBlast.A worm and the Sobig virus. Microsoft is offering a quarter-million U.S. dollars each for information leading to the arrest and conviction of the person or persons responsible for these illegal and malicious attacks.

Its important to clarify the conduct we want to combat. When someone illegally distributes malicious code, it is not a game; it is a serious crime that has serious consequences.

PressPass: What led to the programs establishment?

Nigam: Security is a top priority for Microsoft. Overlaying that is Microsoft’s long-term goal to make computing safer and more secure, and to help bring about a safe and secure Internet experience. Criminals who illegally launch malicious code attack this experience. That is the part we are talking about today.

You may hear people say,
“Theyre just launching code, theyre just messing around.”
What were dealing with are people who are committing a crime its not a case where someones just having fun. There is a big difference between people experimenting with writing programming code and those that are illegally launching viruses and worms and causing destruction to files, personal data, and the like. Helping law enforcement bring to justice those people that illegally distribute these malicious viruses and worms is the goal of this program.

PressPass: Does the creation of this program suggest the virus-writers are winning?

Nigam: Absolutely not. By working with law enforcement, we can increase the chances of malicious code launchers being pulled out from behind their computers and into the courts of justice. If a person is preparing to launch a virus that can potentially affect thousands or millions of people and businesses, we want to make it less likely that they’ll get away with it. We want them to think twice and realize that prosecution is a very real possibility if they illegally unleash a virus or worm.

PressPass: Is this aimed at malicious code that attacks Microsoft products, or any malicious code?

Nigam: The reward is initially limited to attacks on Microsoft products. We want to be sure that the Internet experience is safe and secure for all users. We as a company feel it is one of our responsibilities to take the lead in our industry and make that happen for our customers and partners.

There are an estimated 200 to 300 new viruses discovered every month. So well be looking, on a continuing basis, at various criteria when deciding which worms and viruses merit offering a reward. One of the many factors currently considered by Microsoft is the effect or impact the virus has on consumers and businesses; another is the threat level it is assigned by anti-virus companies.

PressPass: What are the roles of the participating law enforcement agencies relative to that of Microsoft?

Nigam: Were working closely with the FBI and U.S. Secret Service, and coordinating with Interpol, on this program. Microsofts role in the reward program is to offer the incentive for people to provide lead information by offering a reward. Separately, Microsoft cooperates with law enforcement in its investigations, in accord with existing law. The law-enforcement agencies role is to do what theyre really good at doing, which is investigating, identifying, and arresting people who perpetrate crimes using malicious code. The FBI, U.S. Secret Service and Interpol will accept leads that come in from people around the world, and using that information will seek out the perpetrators. In essence, its a partnership approach: we present a reward to draw out information, and law-enforcement agencies then use those leads in their investigations. Persons with information should go directly to the law enforcement agencies by calling their local FBI or Secret Service office, or the Interpol National Central Bureau in any of Interpols 181 member countries or by going to the FBI Internet Fraud Complaint Center Website (see Related Links at right).

PressPass: Are you confident youll get public support and participation?

Nigam: I most definitely think well get information. I hope that a financial reward will give people with information an incentive to do the right thing and help bring the people who launch virus and worms to justice.

There are two ways to investigate and find criminals launching malicious code. One is the technical way, and the other is by old-fashioned investigative techniques used by law enforcement around the world every day. Technical investigations are very difficult; it is very difficult to identify a virus or worm-writer online, for example, by tracing the worm to where it was first launched and finding the perpetrator. But the old-fashioned techniques, such as talking to
“witnesses,”
can work very well — if a worm writer brags about his attack to another, that person has knowledge of the crime. Thats where the incentive comes in. Someone who illegally launches a virus may believe they are going to gain significant influence in the Internet underground community by showing off their exploits. We want to offer an incentive for someone who hears about the attack to contact law enforcement.

PressPass: What if rewards distributed exceed the original $5 million?

Nigam: When that happens, we should be celebrating, because it means we are having an impact on Internet safety and security for businesses and consumers. At that point, we will look at the program, evaluate its success, and consider providing additional funding.

PressPass: Is this solely a Microsoft program, or do you expect corporate partnership?

Nigam: So far, this particular program is a Microsoft initiative. In order to help people feel safe on the Internet, we feel its critical to be a responsible leader in the industry and work with law enforcement, both domestically and globally, to pursue and stop illegal distributors of malicious code. We urge other corporations to consider ways to partner with law enforcement in deterring this illegal and destructive activity that affects the entire technology industry.