The world's largest software company -- which last month admitted that security concerns have begun to affect its bottom line -- also said it had earmarked an additional $4.5 million for future rewards.
Security headaches for Microsoft and its customers are likely to continue at least for the short term. The Federal Trade Commission has scheduled a news conference on Thursday to talk about a security hole in its Windows operating system.
The Wild West-style bounty underscored the threat posed by viruses and worms in an interconnected world, as well as the problems associated with catching those who originate them.
While SoBig.F and Blaster have caused little lasting damage, other cyberattacks have paralyzed automatic-teller machines, frustrated police dispatchers, and knocked nearly the entire country of South Korea (news - web sites) offline. Security experts say future attacks could disable power plants, hospitals or other "critical infrastructure."
AN INDUSTRY-WIDE PROBLEM
"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that hurt a lot of people," Microsoft General Counsel Brad Smith said at a news conference, where he was joined by officials from the U.S. FBI (news - web sites), Secret Service, and Interpol, the international police agency.
Many of the most damaging viruses have spread through security holes in Microsoft products, leading to widespread criticism of the Redmond, Washington software maker.
Although computer security is an industry-wide problem, "we have clear responsibility to take a leadership role in addressing the issue," Smith said.
U.S. investigators have identified suspects behind three of the six Blaster variants, but have not yet tracked down the author of the original version, said Keith Lordeau, acting deputy assistant director of the FBI's cybercrime division.
The United States recently increased cybercrime penalties, but many other countries do not even have laws on the books. Still, perpetrators could face prosecution under existing theft or trespass laws, said Peter Nevitt, Interpol's director of information and technology systems.
Security experts familiar with the investigation said the trail had recently gone cold. The unprecedented cash lure could generate new leads and sow mistrust in the hacker community, sources said.
"Apparently, they haven't had too much luck, which is why they are resorting to offering money," said Mikko Hypponnen, research manager at Finnish anti-virus firm F-Secure.
"There's certainly more of a motivation to reveal the identify of a virus writer than there was at this time yesterday," said Graham Cluley, senior technology consultant at computer security firm Sophos Plc in the United Kingdom.
Informants will be eligible for the reward regardless of country of residence, Smith said, as long as the suspect is found guilty. Internet users can send tips to any FBI, Secret Service or Interpol office, or online at the Internet Fraud (news - web sites) Complaint Center (http://www.ifccfbi.gov) or Interpol (http://www.interpol.int).