Microsoft has placed at $250,000 (£172,000) bounty on the head of the people behind a computer virus that infected more than 15 million machines.
The worm, known variously as Conficker, Downadup and Kido, burrowed its way into an estimated 15 million computers worldwide, providing hackers, spammers and cybercriminals with a 'back door' into people's machines, and making Windows users vulnerable to identity fraud and ID theft.
The virus takes advantage of a vulnerability in the operating system to burrow deep into the computer's files, folders and System Registry, which stores settings and options for Windows. Once installed, hackers and spammers are able to remotely download more malicious programs to the computer, or even use the worm to help install software that will enable them to track and steal security information, such as banking logins or credit card information.
The software company is offering a reward for information that leads to the capture and conviction of the virus authors, because it views the worm as a criminal attack.
"This development shouldn't surprise anyone," said Graham Cluley, a senior technology consultant for anti-virus firm Sophos. "Microsoft's reputation is badly shaken whenever a computer virus causes widespread problems for its users.
"Offering substantial rewards can do no harm. If a culprit isn't found then Microsoft hasn't lost anything, and it may just entice some members of the computer underground to come forward with information. People considering releasing malware in the future should take careful note of this and think again."
It's not the first time Microsoft has offered a reward for information leading to the capture of a cybercriminal. In November 2003, it slapped a $500,000 bounty on the authors of the Blaster and Sobig worms, and in May 2004, it paid $250,000 to a group of informants who enabled the prosecution of Sven Jaschan, the German teenager of the Sasser and Netsky viruses.
"The big question is whether the Conficker bounty is big enough," said Cluley. "$250,000 may have been enough to identify Sven Jaschan, a German teenager infecting computers for kicks.
"But is it going to be enough to encourage someone to inform on an organised criminal gang, making large amounts of money out of malware?"