Paying bounties to track down and prosecute writers of computer worms no
longer works, according to security experts at
Symantec.
Microsoft has stated,
however, that it expects to continue the reward programme that helped to convict
Sven Jaschan, the author of Sasser and
Netsky.
Symantec believes that the shift is a result of the changing hacking
landscape. Worms and viruses are increasingly used for
identity theft or to create zombie
PCs used to launch distributed denial of service
attacks or send spam.
Microsoft recently paid $250,000 to two individuals for information that led
to the arrest and conviction of Jaschan. The German teenager wrote the Sasser
and Netsky worms that caused billions of dollars worth of damage worldwide.
The reward was considered instrumental in Jaschan's arrest. Microsoft
launched the programme in 2003 and Jaschan's was the first case closed as a
result of the initiative.
Microsoft offered three additional rewards in November last year for
large-scale worms including Sober, and the bounties
proved helpful in gathering information, according to Lou Gellos, a spokesman
for Microsoft's online safety programme.
"The reward programme has dramatically increased the flow of information to
law enforcement agencies," Gellos told
vnunet.com.
But the number of large-scale worm outbreaks that qualify for a reward is
rapidly decreasing. Jaschan's case was considered as child's play that got out
of hand, and he was eventually turned in by two friends who decided to cash in
on Microsoft's reward.
Today's biggest internet threats do not come from Sasser-like worms, however.
The number of so-called 'category 3' internet threats like Sasser is declining,
according to data from Symantec.
David Cole, director of product management for Symantec Security Response,
explained that only three security threats have qualified this year, compared
with 43 in 2004.
"It is calming down from a perspective of very large threats. But we are
seeing a large increase in the number of variants and small tweaks and
adjustments in worms," he told vnunet.com.
The shift is caused by a hacking scene that has turned professional,
according to Cole. "There used to be a lot more cyber-vandalism; now we are
seeing genuine crime," he said.
Criminals today will pay up to $100 for identity data, depending on the
richness and completeness of the information. Combinations of social security
number, credit card number and home address are considered more valuable than
just a credit card number.
Today's botnets comprise a few thousand PCs and are
rented out for several hundred dollars a week.
As a result, the quality of a computer worm has become more important than
the number of systems it infects. And virus writers are making small adjustments
to existing malware in an effort to slip past virus filtering software.
Cole expects that the decline in large-scale worm outbreaks is permanent and
that hackers will continue to use sophisticated small-scale
attacks.
This will make it more difficult to pick worms that justify putting a bounty
on the author's head, according to Cole.
"We are moving out of the Wild West mode where we put bounties on people's
heads, to a more traditional law enforcement model that mimics what we have
outside cyber-space," he said.
While Gellow acknowledged that cyber-crime has become more professional and
harder to track, he maintained that Microsoft's reward programme can help in
tracking down worm authors.
"Maybe the prime source of information on the perpetrators is someone close
to them," he said. "Then the reward programme becomes an incentive and a
deterrent at the same time."
Do you agree?
Have your say on this article