Reward out for the nasty Conficker
On Valentine's Day, Microsoft sent a gift to the computer security community. The company offered a $250,000 reward to anyone identifying the author of the Conficker/Downadup worm that has infected at least a million computers and possibly as many as 10 million.
This is not the first time Microsoft has posted a bounty. In 2005 the software company paid out $250,000 to two people who helped identify the creator of the notorious Sasser worm. The author was arrested and sentenced by the German authorities.
Conficker is a wily worm. Since October it has been prowling the Web looking for vulnerable computers -- computers that have not kept up to date with Windows security patches. Once it finds such a computer, it replicates itself, then burrows in and makes itself hard to remove. Once implanted, the worm searches out nearby servers and executes a password-breaking program. It also spreads itself to any shared hard drives.
But even more dastardly, it makes a copy of itself on any device plugged into a USB port, such as thumb drives, music players, or digital cameras. When that infected device is later plugged into another PC, it infects that machine, which then begins to spread more infections in the same way.
The French military reportedly got the worm from a USB device plugged into its network.
The worm then waits for instructions over the Internet to steal data or turn control of infected computers over to malicious crackers who pool them into armies of bots.
These networks of compromised machines can be used to send spam, to store stolen or pirated data and to launch attacks on other machines.
Although Conficker is widespread, its creators have yet to activate its payload to steal data or launch other attacks.
Conficker is just the latest in a series of Internet worms, the most famous of which is the Morris worm, the first big Internet worm.
In 1988, Robert Tappan Morris, a graduate student at Cornell University, launched the worm from computers at the Massachusetts Institute of Technology.
Mr. Morris said the original intent of the worm was to gauge the size of the Internet, but an error in the code caused the worm to replicate wildly, freezing up thousands of computers.
In one of those ironies that can only happen in real life, Mr. Morris' father, Robert H. Morris, was the chief scientist at the National Security Agency's National Computer Security Center.
Robert Tappan Morris was tried and became the first person convicted under the 1986 Computer Fraud and Abuse Act. He was sentenced to three years' probation, community service and a fine of $10,000. Today he is on the faculty of M.I.T.
The Morris worm has sometimes been referred to as the "Great Worm" (derived from the "Great Worms" in the writings of J.R.R. Tolkien) because of the devastating effect it had upon the Internet at that time. It prompted the Pentagon to fund the Computer Readiness Emergency Team Coordination Center at the Software Engineering Institute of Carnegie Mellon University.
So what to do about the Conficker worm?
To avoid getting it, follow normal secure computing practice, especially keeping your Windows security updates current.
Conficker also emphasizes a new vector of attack: the USB device or drive. USB drives, or devices with USB drives in them (cameras, for example), can carry malware. When you plug one into your computer, the computer can pick up that malware.
Obviously USB drives are useful, but as your mother used to say about putting coins in your mouth, don't plug in a strange USB drive because "you don't know where it's been."
Particularly risky are so-called U3 "Smart" drives that can run programs when plugged in.
If you allow someone to plug in a USB drive filled with audio or video they have gotten from file sharing or porn sites, there's a good chance your computer will end up worm meal.


