Xeno fingers Conficker Worm creator, Lays claim to Microsoft $250,000 bounty.

February 14, 2009

A reward of $250,000 (£172,000) has been offered by Microsoft to find who is behind the Downadup/Conficker virus.

[Image: USB drives. Source: BBC]

Since it started circulating in October 2008 the Conficker worm has managed to infect millions of computers worldwide.

The software giant is offering the cash reward because it views the Conficker worm as a criminal attack.

“People who write this malware have to be held accountable,” said George Stathakopulos, of Microsoft’s Trustworthy Computing Group.

He told BBC News the company was “not prepared to sit back and let this kind of activity go unchecked”.

“Our message is very clear – whoever wrote this caused significant pain to our customers and we are sending a message that we will do everything we can to help with your arrest,” said Mr Stathakopulos.

Arbor Networks said as many as 12 million computers could be affected globally by Conficker/Downadup since it began prowling the web looking for vulnerable machines to infect in October.

Malicious payload

The Conficker worm is a self-replicating program that takes advantage of networks or computers that have not kept up to date with Windows security patches.

It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer it digs deep, setting up defences that make it hard to extract.

via BBC NEWS | Technology | Microsoft bounty for worm creator.

One of the few pointers is an observation by Panda Security that the infection originated in China a few weeks ago. – register

The worm is thought to have originated in the Ukraine although we have no evidence that says that’s the case. One of the reasons people think this is that the worm tries to skip Ukrainian hosts, for instance exiting if a Ukrainian keyboard layout is found. – arbornetworks

On top of that it now seems Conficker is installing Antivirus XP, a very popular rogue program that tricks people into believing that it is an anti-virus program and that in order to get full protection you need to purchase the full version. However, the big package has yet to be delivered and many security experts believe this one has a payload to it, but right now they are still figuring out what it is. -st-michael

Okay I found him: Maksym Yastremski wrote it, and the reason the payload is not being delivered is that the culprit is already behind bars. Microsoft, just send the $250,000 to my PayPal account, thanks.

A Ukrainian cybercrime lord linked to nearly every major breach of U.S. retail networks in the past four years was sentenced this week to 30 years in prison by a Turkish court. His sentence was on unrelated charges of hacking banks in that country, according to reports.

Maksym Yastremski is alleged to be “Maksik,” well-known in the underground as a top online seller of stolen credit and debit card information. In a U.S. indictment unsealed in August, prosecutors alleged Yastremski earned more than $11 million selling stolen credit and debit card numbers and magstripe swipes from 2004 to 2006 alone.

Yastremski allegedly worked with Albert “Segvec” Gonzalez of Miami, who served as Maksik’s stateside hacker. Gonzalez and two other Miami men allegedly hacked into vulnerable wireless networks at TJX and other companies, where they’d plant packet sniffers to scoop up at least 40 million credit and debit cards. TJX has spent $130 million coping with the aftermath of the intrusion. Other victims include BJ’s Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW and OfficeMax.

Turkish police arrested Yastremski while he was on vacation in July 2007. He was found guilty of hacking into the computer systems of 12 Turkish banks. –wired

3 thoughts on “Xeno fingers Conficker Worm creator, Lays claim to Microsoft $250,000 bounty.”

  1. John

    Hmm, arrested July 2007, worm was released around Oct 2008… not likely. I seem to think that RBN had something to do with it, especially since at least 30 of the call back domains are registered to them.

  2. Xeno Post author

    If I’m right and he did it from prison or wrote it before prison and set a time fuse, I’d be able to not foreclose on my house. 😉

  3. terry morris

    You all have it wrong, all roads lead back to Microsoft… you can’t get help unless you are a registered owner of their product. So far over 130 sites under various names and known names like Symantec (Norton’s) I have researched all say, here is the fix, here is the patch… and guess where all links lead to… Microsoft. 40 anti-virus programs later, and I still have the said worm…
    Microsoft got sick of all the unregistered sets out there, and decided to hit back!! There’s always casualties in a war.
