Microsoft announced that it has created and initially funded a new program, the Anti-Virus Reward Program, with an injection of $5 million. The company said the new program is “an old fashioned criminal justice tactic to help solve a modern day problem.”
The fund will help supplement online investigations carried out by the FBI, the U.S. Secret Service, and Interpol to track down those who unleash malicious code such as the Blaster and Sobig worms, which are the company's first targets. Anyone who provides information leading to the arrest and conviction of the perpetrators will be paid $250,000.
Company attorney Hemanshu Nigam said, “It’s important to clarify the conduct we want to combat. When someone illegally distributes malicious code, it is not a game, it is a serious crime that has serious consequences [...] Security is a top priority for Microsoft. Overlaying that is Microsoft's long-term goal to make computing safer and more secure, and to help bring about a safe and secure Internet experience. Criminals who illegally launch malicious code attack this experience.”
Nigam pointed out that roughly 200 to 300 new viruses are discovered every month. The company will consider the circumstances to determine which ones merit having a bounty placed on the author. If the initial $5 million in funds runs out due to payments, the company will consider re-funding the program.
A member of the Full Disclosure mailing list pointed out that perhaps Microsoft should also provide a bounty for bugs in their software, paying those researchers who work hard to discover the problems and report them to Microsoft. By and large the work of such researchers goes relatively unrewarded, except for the notoriety they might gain by publicizing their discoveries.