Microsoft Going After The Creator Of Downadup Worm

Microsoft has announced a $250,000 reward for anyone who can give the company information that allows law enforcement bodies to arrest and convict the person responsible for creating the Conficker Internet worm. The worm has infected millions of PCs.

Microsoft told IT media that the worm constitutes a “criminal attack”. Residents of any country are eligible for the reward and should contact their international law enforcement authorities, the company said in a statement.

The Windows producer is partnering with security companies, domain name providers, and other companies to coordinate its response to the worm, also known as Downadup.

Among the organizations involved in the pursuit are the Internet Corporation for Assigned Names and Numbers (ICANN), VeriSign, NeuStar, CNNIC, Afilias, Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, F-Secure, ISC, Georgia Tech, the Shadowserver Foundation, Arbor Networks, and Support Intelligence.

The worm has been active since 2008. It spreads through a hole in the Windows OS, exploiting a vulnerability that Microsoft patched in October 2008.

It also spreads via devices like USB drives, and across network shares by guessing usernames and passwords.

“The worm seeks to update itself by using a long list of pseudo-randomly generated domain names to contact over HTTP and then grab new code”, said Jose Nazario, manager of security research for Arbor Networks. According to him, the algorithm for this domain name generation scheme has been cracked (by F-Secure and others) and has been used to pre-compute the names for pre-registration to prevent hostile parties from using this update feature. This has been facilitated – greatly facilitated – by ICANN, TLD operators, and various registrars working together with Microsoft and others to identify the names and grab the ones they need to. These records can then be pointed at sinkholes to discover Conficker-infected hosts checking in.
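The pre-computation and sinkhole matching described above can be sketched as follows. This is an added example, not code from the article, Arbor Networks or F-Secure. The date-seeded generator is a hypothetical stand-in and not the worm's real algorithm, and the TLD set, log format, dates and addresses are constructed for illustration.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # assumed TLD set for the stand-in

def candidate_domains(day, count=250):
    """Stand-in date-seeded generator; NOT the worm's real algorithm."""
    names = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 5 + digest[0] % 7  # labels of 5 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.add(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names

def precompute(start, days):
    """Map every name in the window to the first day it is generated."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidate_domains(day):
            table.setdefault(name, day)
    return table

def checkins(log_lines, table):
    """Return {source_ip: sorted matched names} from sinkhole log lines."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, source, host = parts
        host = host.split(":")[0].rstrip(".").lower()  # drop port, dot, case
        if host in table:
            hits.setdefault(source, set()).add(host)
    return {ip: sorted(names) for ip, names in hits.items()}

START = date(2009, 2, 1)  # constructed date
TABLE = precompute(START, 7)
GENERATED = sorted(candidate_domains(START))[:2]
# Constructed sinkhole log: "<timestamp> <source IP> <HTTP Host header>"
SAMPLE_LOG = [
    f"2009-02-01T08:00:01Z 192.0.2.15 {GENERATED[0]}",
    "2009-02-01T08:00:02Z 198.51.100.7 www.example.com",
    f"2009-02-01T08:00:03Z 192.0.2.15 {GENERATED[1].upper()}:80",
    "truncated-line",
]

if __name__ == "__main__":
    for ip, names in checkins(SAMPLE_LOG, TABLE).items():
        print(ip, names)
```

Only the source address that requested pre-computed names is reported; the request for an unrelated host name and the malformed line are ignored.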

Symantec said in a blog posting that within the last 25 days it observed an average of 453,436 IP addresses infected per day with W32.Downadup.A and 1.7 million IP addresses infected per day with W32.Downadup.B.

The number of machines infected by the worm is estimated at around 12 million. They could be used to launch distributed denial-of-service attacks on web servers or to seed a new worm.

Pakistan is Greater than YouTube? But Don’t Host There!

I wanted to find something on YouTube on Sunday and saw that the website was unreachable. Well, it is hosting, so downtime is always possible. I thought that the website was overloaded and continued with what I had to do.

Today I read that YouTube was down on Sunday after the government of Pakistan tried to restrict local access to the website. This resulted in limited access to YouTube from other countries.

Pakistan ordered local ISPs to block access to the YouTube website because it was running material insulting to Islam. The Pakistani government, however, said there was no intention to block worldwide access to YouTube.

The video sharing network removed the content deemed insulting to Islam.

Pakistan justified its order to block YouTube on its own territory by saying it was necessary to avoid unrest in the predominantly Muslim country of 160 million.

Internet monitoring firm Renesys reported that the block extended over two-thirds of the global Internet population, with the greatest effect seen in Asia, where the outage lasted 2 hours.