Microsoft offers $250,000 for capture of Conficker writer

By Angela Gunn | Published February 12, 2009, 10:25 PM

The Conficker situation has to be maddening for Microsoft. The vulnerability was patched months ago, but as the infection spreads through unpatched systems, it's hitting some very high-profile networks. And so the company's offering a remarkable reward for what could be a very fragile peace of mind.

Microsoft announced on Thursday that it's prepared to hand over a quarter of a million dollars (or the equivalent sum in your local currency; the offer's worldwide) for information leading to the arrest and conviction of the person or persons who wrote Conficker. That's not a bad payday for a knowledgeable person willing to drop a dime, but a look at past arrests for alleged malware-writing reveals that usually the people who get nabbed are, to be blunt, script kiddies who tweaked up a variant and got (un)lucky. (Remember Jeffrey Lee Parson? The Blaster B variant? Anyone?)

More productive, most likely, is a cross-industry community effort to rein Conficker in. According to a press release by the company, Microsoft is working with ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence to kneecap the malware, which has infected an estimated 10 million Windows machines already.

The cross-community effort's something new and interesting, and it could be a model for tackling ultra-infectious malware episodes in the future. "The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together," said Greg Rattray, chief Internet security advisor at ICANN, in a statement Thursday.

Microsoft has published Conficker-specific information. In addition, the company has recommended, as they have recommended since October, that users apply the out-of-band patch released specifically to address this vulnerability.

Comments


A funnier twist of this story would be: The Linux community will offer $250K to the author of the Conficker worm if it can attack a Linux machine.

Score: 0

|

LOL Can they afford so much money?
Hackers care less because Linux still has less than 1% market share. All the hackers I know use Windows because of its dominant position. With the release of Windows 7, its little market share is even going down.

Score: -1

|

Except, nitwit, that the primary targets of compromise are servers that house valuable databases or services - not your 99% marketshare of $399 fanboy PCs used to play games.

The majority of the larger systems with data worth compromising are still dominated by various UNIX and Linux machines - and they do not suffer the plethora of compromises so routine in your toy OS that wants to be taken seriously but which fails utterly and is able to not only be compromised but TAKEN OVER so simply!

But I know, it simply confuses you still further that the primary targets of serious hackers are not your puny game platforms... So keep quoting your market stats - as you fail to address the fact that one might think since so much development time is spent on your prized environment, someone should by this time come up with not only coding best practices, but OS designs and tools to prevent such compromise.

But then I guess they are too busy playing games...and waiting for their mom to drive them to Best Buy.

Score: 2

|

foxfyre: By the way my DELL XPS H2C with Intel Core i7 cost more than $4000. $399? LOL

"The majority of the larger systems with data worth compromising are still dominated by various UNIX and Linux machines - and they do not suffer the plethora of compromises so routine in your toy OS that wants to be taken seriously but which fails utterly and is able to not only be compromised but TAKEN OVER so simply!"

LOL. The Mac and Linux (UNIX based) kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years, more than Windows. Don't believe me? See this, fartfyre: http://news.cnet.com/8301-1009_3-10154662-83.html
As far as exploiting those holes, oops so little market share...

By the way I can use this PC (Windows Vista x64, Windows Server 2008 x64 and Windows 7 beta x64) for anything, I mean anything, not just for gaming, unlike your disabled Mac Pro or iMac. Did you install the tons of updates recently released by crapple for its crap OS X?

Please wake up and stop dreaming :)
Oh yeah!! LOL

Score: 0

|

You imagine the upper tier databases hosted on "Mac and Linux" OSes?

LMAO. At that point you effectively demonstrate that you are so ignorant of the real world enterprise and Trusted System environments as to render your entire argument not only moot, but simply infantile.

Are you even aware of systems outside of the desktop???? Not to mention that you pay over $4K for a DELL system? LOL! Your credibility just keeps sinking!

Of course not, as they don't even advertise in these market segments!
Let alone employ Seinfeld to do whatever it is that he is supposed to do - however ineffectually.

And I don't give a sh!t about Windows OR Mac. It is fascinating that this is what YOU think I am referring to. LOL! But you sure do live in a tiny little worldview, don't you Shellboy?

You think MS dominates these environments? Not to mention that YOU imagine Apple being a viable alternative! You Nimrod!

You ARE clueless.

LMAO.

Score: 0

|

"All the hackers I know use Windows because of it's dominant position."

LMAO!!!!! Sure, if all you care about are databases consisting of your pirated MP3 files!

Look this up and then see if you are able to understand it.

Yup, so where do they use UNIX???

http://www.wintercorp.co.../TopTenWinners_2005.asp

Score: 1

|

fartfyre: sorry dude I don't listen to music

Score: 0

|

How ironic, Nimrod, as the largest database users don't do Windows.

Score: 0

|

Once they get this guy they should put a hit on the person.
Not like I don't have job security because of these people. But I'm sick of the spyware already..

Score: 0

|

Ya, I remember Jeffrey Lee Parson. If I am not mistaken he was a 19 year old hacker from NZ. There were bugs in that virus and it was compressed using UPX. And I still remember, it took me a couple of days to decode the exploit codes or shellcodes from that worm :)

These data were present in the rdata section of that PE:
I just want to say LOVE YOU SAN!!
bill gates why do you make this possible ?
Stop making money and fix your software!!

LOL

Score: 0

|

Bill is too busy releasing mosquitos in his money vault to listen.

Score: 0

|

Here's a radical idea that no one seems to have thought of...

How about spending that money to produce tested code resistant to such exploits?

Score: -3

|

fartfyre: The vulnerability was patched months ago. Read that statement carefully.

Score: 0

|

Care to have a go yourself?

They've fixed the hole. Now it's only idiots (note: this includes all government IT departments) who are getting infected because they don't update their OS.

Score: 0

|

As usual, iTard gets it wrong... well, no surprises there...

I was referring to producing code from inception that didn't need to be fixed - tomorrow, yesterday, 3 months ago or ever. Duh!

Such a concept simply confounds the hell out of you, doesn't it Nimrod?

Score: -1

|

If only perfect code is allowed to be released, no code will ever be released.

Score: 0

|

Oh, I am sure foxfyre could do it. He knows all.

...or he's a know-it-all.

...or something. ;)

Score: -1

|

Poor babies.

Buffer overflow is the single most common technique used to compromise and assume control of a Windows based machine.

This problem CAN indeed be tested and remediated.

Huh? What? You mean...?

But being a Windows fanboy, and judging from the screen door you call an OS, you obviously are unaware of this.

Score: 0

|

Poor headcase "If only perfect code is allowed to be released, no code will ever be released."

LMAO!

ALL code need not be perfect.

But ALL code should be scrutinized using readily available tools to avoid the ALL TOO COMMON problems routinely afflicting the screen door OS known as Windows.

The real irony is that Windows exploits do NOT use exotic means to circumvent elaborate or elegant defense mechanisms.

Instead it's the same few exploits that are used again and again and again that should have been addressed fundamentally.

The most common attacks (30 per cent) targeted port 135, which is used for remote procedure calls in Windows. That port was used by the infamous Blaster worm to spread onto unpatched PCs back in 2003. Port 139, generally used for Windows network shares, and port 22 (used by SSH), are also frequently attacked. Attacks associated with port 22 would commonly involve attempts to work out remote access passwords by brute force and accounted for ~12 per cent of attack traffic.

Imagine the concept of securing ports by default... But it's SO difficult! And authentication? Oops! With advanced tools like ActiveX which utterly lack authentication, the catch phrase in Windows is "come on down!" and anything that says it's a friend of Office is invited right on in!

Buffer overflows are not that difficult to defend and mitigate in the design stage prior to being released and compromised! Again and again and again.

And besides, how many OSes can be so easily knocked over and control gained over the entire machine like routinely happens in Windows?!?!?!

I know, I know ...millions by your count. Which reflects your apologist fanboy standards...
Just name ONE...

Isn't it hilarious that Windows fanboys find such incredible satisfaction if ONE lab induced incident occurs that only crashes a local application in a sandboxed/protected environment, and they then declare that system fatally flawed.

All the while these same Nimrods are content to make excuses maintaining that "perfect code cannot be produced" regarding a system that is routinely compromised and taken over by such rudimentary and easily avoided coding fukups...

Such high standards...but then having existed on your knees for so long - obviously not learning how to employ coding best practices while down there - it all looks like up to you.

Score: -1

|

Foxfyre, I'm not a MS fanboy, if anything i am an Ubuntu Linux fanboy as i often encourage friends and family to switch over.

And you know what? Ubuntu doesn't release only perfect code either. nor does Apple. any box has vulns.

MS vulnerabilities tend to be a bit more obvious, in part because of their market penetration.

Hell, in the most recent Pwn to Own competition at CanSecWest, the MacBook fell first, due to a bug in Safari. The Vista box took longer to fall, and the Ubuntu box didn't.

http://dvlabs.tippingpoi...ial-winner-with-picture

Please note: the mac fell to bad code that was done by Apple, The vista box fell to buggy third-party code.

And i am not going to fall for a myth that this means Linux is invulnerable. The people in this competition just didn't find any this time.

There ain't no such thing as perfect code.

Score: 0

|

@mfheadcase: Agree with you.

MacBook Air got hacked in a mere 2 minutes at the CanSecWest conference via a security hole in Safari. 3rd day: Vista got hacked too using a flaw in Adobe Flash, one of the most popular 3rd party software packages for Windows. Shane Macaulay, Derek Callaway and Alexander Sotirov were able to gain control of the laptop. Firstly, the contest was a bit difficult when only the OS could be targeted, but the second day saw some changes and standard applications were included. Apple went down due to a flaw in Safari and on the third day Flash pulled Vista down. The MacBook Air (using Mac OS X) and Toshiba (using Vista) got hacked but Linux running on the Sony Vaio remained the only unhackable one of the three.

Score: 2

|

I love how someone thinks that by saying "well, they got hacked too" that that somehow eliminates the responsibility of the OS in focus.

And no one said any system was infallible - so let's dismiss that strawman BS once and for all. But then Shellcoder has little to say.

Is OSX more fundamentally secure than Windows, regardless of number of users? Yes. Is it perfect? Hell no. But then Conficker isn't bothering OSX, is it? Nor are any major issues other than trojans that idiots download voluntarily only to discover the app works exactly as designed! Is this the only problem facing Windows? They wish!

But different systems do exhibit different degrees of exposure based upon design. And coding best practices would eliminate a good 80-95% of all of the common issues that ROUTINELY bring systems down. The irony is that this percentage is lower in Windows due simply to the fundamental exposures in the OS design itself.

Something that totally escapes far too many here for whom the center of the IT universe is their Windows game platform.

And for what it's worth, the Mac was hacked, not via someone actively approaching the OS from outside, but due to the requirement that a fool operator visit a specific website, actively opening a port, and upon so doing the hacker is then able to open a telnet session into the computer and get access, despite SSH being a fundamental part of OSX - rendering any allowed telnet session a major act of stupidity.

DUH!

So I guess going to a brothel and screwing an infected hooker without a condom is a fundamental vulnerability that the average non-promiscuous individual need fear?
LOL!

Let's see...so you maintain that Windows is equally secure as other OSes... Fascinating and wrong.
Does that mean all others have to be perfect? NO! It is a relative measure, reinforced by actual OS design. And in this respect, Windows has some real significant problems.

But the inability of the Windows fanboys to acknowledge this as they wildly scramble to cite ONE or TWO isolated incidents is comedic at best and tragic at worst.

It seems that one could use the same tired "naturally it's easier for Windows to be hacked because more use it" argument to say that "Since so many use it, Windows should be the most examined and most secure OS" - but any mention of that is amazingly absent.

What is more telling is that the majority of LARGE databases - the real plums of the hacker world, run on UNIX. And while UNIX is by no means absolutely secure, they don't run 'anti-virus' software. Nor are they routinely hacked as many Windows databases are.

Knocking over a Windows box is trivial. Infecting a Windows box with malware and securing control of a Windows box is trivial.

Infecting many of the other available platforms is not as trivial. And infecting other platforms and securing control of the OS and box is NOT trivial.

And again, closing ports by default, and preventing buffer overflows is a rather trivial issue. One that MS - despite having more man hours invested into it than any other platform - has not yet quite figured out. As well as the various application developers which seem to specialize in that feature!!!

And they have done a much poorer job of both that, and the more fundamental job of designing an OS that is more resistant to compromise and to having control assumed by external sources.

Regardless of how many use it or not.

Obviously neither of you have had to write a Common Criteria Trusted Systems Protection Profile for a Windows system and a Non-Windows system. Otherwise this would be a foregone conclusion.

Score: 0

|

Good for them, more high profile rewards and those that make our lives a misery will think twice. We need to see some tough sentences handed down, no rewards for the bad guys, no nice little job with some security firm, just prison time, lots of prison time. Nice to see the support you guys are offering though, but then again no matter what Microsoft do/did/does it won't/isn't/wasn't good enough for you, but then what have you lot ever done but moan, heck it's what you do best. OK now give me the thumbs up fellows.

Score: 0

|

This has gotta please their shareholders!

Take our money!

Who is exploiting a 10+ year old flaw in Operating system? Can we blame them?

Score: -1

|

Hah. Like it's anything more than an atom of money in an ocean of wealth.

Score: -2

|

Perhaps, I bet the thousands of employees that just got laid off wouldn't mind some of that money...

Score: 1

|

Sure they would, but life's a b****.

Score: 0

|

It would have been much more productive for Microsoft and the rest of the world if Microsoft had not conditioned its security update service on an active license. I have seen many badly infected PCs in the past with no patch since installation because the owner never 'activated'. Such machines are safe homes for malware targeting other Windows machines.

Score: -2

|

Why not.

After all, the $10M offer for bin Laden has worked spectacularly well.

Score: 0

|

Meh. It worked for finding the perpetrators of Sasser.

Blaster, MyDoom and SoBig had the same offer but they're still at large.

Score: 0

|

I'm pretty sure the Blaster writer was caught and sentenced to 18 months back in 2005...

Score: 0

|

That'll be the B variant (which I grant was more rampant).
I'm not quite sure whether or not Microsoft's money was what got that variant.

Score: 0

|
