Microsoft mulling bounty for Mydoom author

Microsoft is considering whether to offer a bounty for information that leads to the arrest of the Mydoom virus author, a company spokesman said Thursday.

Microsoft is working with antivirus companies and the U.S. Federal Bureau of Investigation about whether to put out a bounty, but hasn’t yet reached a decision, he said.

Mydoom is a computer virus that first appeared on Monday and targets computers running Microsoft’s Windows operating system. The worm spreads through infected e-mail file attachments and the Kazaa peer to peer network. Mydoom quickly spread worldwide, infecting between 400,000 and 500,000 computers as of Thursday, according to Network Associates Inc.

Microsoft first unveiled its bounty program last November, calling viruses and worms “criminal acts” and pledging $5 million for bounties to catch the authors of virulent worms and viruses. So far, Microsoft offered bounties of $250,000 for information leading to the arrest and conviction of the individuals who created the Blaster and Sobig worms, which appeared last August.

However, it has not attached a bounty to any other worm or virus outbreak since then, leaving much of the $5 million untouched.

On Tuesday, Mike Nash, corporate vice president of Microsoft’s Security Business Unit said that a bounty was “possible” in the case of the Mydoom author.

Microsoft considers a number of factors before it decides to offer a bounty, including the number of systems infected by the worm and the amount of damage caused, Nash said.

The company also looks at the severity rating assigned to worms and viruses by antivirus companies such as Symantec. and Network Associates’ McAfee antivirus unit, the spokesman said.

“We’re considering it right now and we’re working with law enforcement to help make a decision about whether to offer a bounty,” the spokesman said.