Putting A Price On A Hacker's Head

Andy Greenberg, 02.12.09, 06:00 PM EST

Microsoft, Symantec and others are making the Conficker worm Internet enemy No. 1.

A word of advice to Internet parasites: Don't do so much damage that you get noticed. As the cybersecurity industry turns its focus onto the Conficker worm currently plaguing millions of computers worldwide, that's a lesson the virus' authors could soon discover.

On Thursday, a coalition of tech companies and nonprofit groups ranging from Microsoft (nasdaq: MSFT - news - people ) to ICANN, AOL, Symantec (nasdaq: SYMC - news - people ), F-Secure and Verisign announced that they've teamed up to put an end to the worm, also known as Downadup, that has infected as many as 12 million computers, according to researchers at Arbor Networks, a cybersecurity company tracking its spread. Microsoft has even offered $250,000 to anyone who can offer information that leads to the arrest of the malicious codes' authors.

Although the worm hasn't communicated with a central server--a development that could have stolen millions of passwords or created an enormous "bot-net" of cybercriminal-controlled computers for spamming--it's caused costly headaches for IT administrators dealing with users locked out of their accounts by the worm's password guesses.

Now, the coalition of cybersecurity companies has teamed up with ICANN, which controls the Internet's domain name system, to cut Conficker off from any potential control by its authors. In early January, Finnish cybersecurity research firm F-Secure cracked the algorithm that determined which domain name the virus looked to at a given time for new software updates.

Working with ICANN and Web registrars who own domain names, the companies have now blocked all domains that the worm could potentially use as a command-and-control center or for siphoning off users' data.

As for Microsoft's quarter-million dollar reward--the first time the company has offered a bounty for cybercriminals since 2005--the money is designed less to end Conficker's damage than to send a message. "The reward won't stop the virus," says Microsoft anti-malware engineer Vinny Gullotto. "Instead we're trying to hold these folks accountable for what they've done with this worm and deter the next one."

SOURCE:

XXXXXXXXXXXXXXXXXXX

Hacking the Protectors:

F-Secure

Kaspersky Lab

Bitdefender's

All hacked by by the same Romanian group.

After Kaspersky and BitDefender, it’s now time for F-Secure.com … vulnerable to SQL Injection plus Cross Site Scripting. Fortunately, F-Secure doesn’t leak sensitive data, just some statistics regarding past virus activity.

Exposed database tables:
MailboxInfo, VirusUpdated, dtproperties, Country, sysconstraints, VirusTrends, Virus_Top50_24h, Virus_Top50_30days, Virus_Top50_7days, Virus_Top50_90days, Virus_Top50_Month, Virus_Top50_Week, VirusDateTotal, VirusDate, VirusMonthTotal, VirusReports, VirusReportsTemp, VirusTrends.

Screenshots:
SQL Injection (SQL Server info / Extracting table names):