Microsoft's bounty money will not impact virus writing activity, and is only one step in stemming release of malicious code, says a virus writer psychology expert.
Microsoft's recently unveiled Anti-Virus Reward Program, in which the software maker has created a US$5 million reward fund to track down writers of worms, viruses and other malicious code, sends a strong message to young virus writers that these types of activities can have extremely serious consequences, Sarah Gordon, an expert on the psychology of virus writers, told CRN.
As part of this initiative, Microsoft has issued two bounties - to the tune of US$250,000 each - for information leading to the arrest and conviction of the people responsible for releasing the MSBlast worm and Sobig virus.
Gordon, a senior research fellow at Symantec's security response unit, has been meeting hackers and virus writers face-to-face for many years, in order to understand why they do what they do. According to Gordon, virus writers come from a varied background, but in general are younger than hackers, some as young as 10 or 11 years old, and not always aware of the damage they could incur.
'Writing malicious code is not - in all countries - in and of itself, illegal. Thus, this reward is not likely to have much impact on the actual writing of malicious code,' she said.
'However, the reward clearly demonstrates the seriousness of the release of malicious code such as Blaster, and therefore is one way to send a strong message to young people that these types of activities are not acceptable and can have extremely serious consequences,' she said.
'Young people tend to not conceptualise the consequences of certain behaviours. If we think back to our own adolescence, most of us can probably identify with this phenomenon. Add to this the scalability of the Internet, the depersonalisation brought about by on-line communication, and you can see how the consequence of many online behaviours is simply not a 'reality' for many people. However, this can be shifted by peer interaction, and societal messaging over time,' she said.
'Over the long term, these types of societal messages can be effective, and when combined with reinforcement of peer interaction, parental attention and education, can help facilitate changes in attitudes and behaviours.'
Many of her contemporaries claim virus writing is an organised crime, and this reward program will only help catch the small time writers, not those higher up in the crime ring.
However Gordon said the likelihood of success of any investigation depends on many factors - not the least of which is the makeup of the population involved, and the type of activity engaged in.
'These are two different kettles of fish. With populations and activities so dissimilar, the outcomes would tend to be dissimilar,' she said.
On the question of whether bounty money on the heads of the virus writer could be appealing to them, casting them as outlaws worth a certain amount of Microsoft dollars, Gordon said this was unlikely.
'Offering a reward for information about various types of crime - including computer crime - is not a new idea: it has been done in the past, and generally the criminal is not very happy about this. The reward does clearly demonstrate the seriousness of the release of malicious code, and sends a strong message to young people that these types of activities can have extremely serious consequences.'
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
