Microsoft reward snags suspected Sasser author

Microsoft's $5 million fund for rewarding informants for leads on virus attacks has snagged its first success with the arrest of a man in Germany who has confessed to the release of the Sasser worm, the software giant said Saturday.

In what the company called a "coordinated multinational law enforcement effort," information provided to Microsoft by informants led local authorities to arrest the 18-year-old unnamed resident of Rotenburg, Germany, only a week after the original Sasser virus had been released.

News.context

What's new:
Microsoft's $5 million fund for rewarding informants for leads on virus attacks may have snagged its first success in the arrest of a suspect in the Sasser worm case.

Bottom line:
Security experts said this could be the single biggest arrest yet in the campaign against the computing underground responsible for hatching worms and viruses, which has proved difficult for law enforcement to crack.

More stories on this topic

"Within 48 hours of the informants' coming forward, our investigators and the German police were able to identify the perpetrator of the Sasser virus and to take him into custody," said Brad Smith, general counsel for Microsoft. "This individual is responsible, we believe, for all four variants of the Sasser virus."

The arrest brings a quick end to the latest worm incident. The week-old worm has slowed its spread, as companies clean up existing infections. The worm and its three known variants have compromised hundreds of thousands of computers running Microsoft Windows, though some estimates put the number of infected systems in the low millions.

The arrest is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses. While Microsoft has offered three rewards for $250,000 each for those who were responsible for the havoc caused by the MSBlast worm, the Sobig virus and the MyDoom virus, no arrests in those cases have yet been made. The arrest of the author of a minor variant of the MSBlast worm predated the award program.

While Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, the informants approached the software giant's German office on Wednesday and inquired about whether such a cash award would be paid.

Smith would not comment on whether there may be additional arrests, but he confirmed the investigation is ongoing.

Graham Cluley, senior technology consultant for antivirus firm Sophos, praised the quick arrest.

		Related coverage Sasser keeps slithering Read all of News.com's stories on this latest Internet worm. Also: Sasser prevention and cure.

"Aware of this program, individuals in Germany approached Microsoft investigators," Smith said. "We did not hesitate and made a decision to offer a reward of $250,000."

Smith wouldn't say how many people came forward, except to indicate it was fewer than five. Moreover, while he would not comment on whether a relationship existed between the Sasser suspect and the informants, he did say that they both live in the same part of Germany.

"These were individuals who were aware of who the perpetrator was; they did not stumble upon this because of technical analysis," Smith said.

The arrest could be the most significant since David L. Smith was arrested for spreading the Melissa virus in 1999, and Sasser may eventually exceed that case in importance as well, because Sasser may have been written by a group of programmers. The arrest could lead to more suspects.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Moreover, security experts and German police believe that the author of Sasser also created several, if not all, variants of Netsky, a mass-mailing computer virus. At least one version of that virus was signed by what seemed to be a group of programmers calling itself the Skynet Antivirus Team.

"All these worms have been highly disruptive and complex, suggesting that the author isn't working alone," he said. "Seizing this man's computers could provide the vital clues that will bring down the infamous Skynet virus-writing gang. We would not be surprised if more arrests follow in due course."

Microsoft also said that several new virus research techniques that the software giant has developed over the past year have played a key role in identifying the author and verifying the data provided by the informants.

The message for virus writers is that they are not safe from the law, Smith said.

"I do think that the fast action in this case does send a message to people who are thinking of launching or creating malicious viruses and worms," he said. "And that is, we together with law enforcement can and will identity (individuals) who launch malicious code on the Internet. And law enforcement can and will bring them to justice regardless of where they are in the world."

[arthur-b]

one down, several millions to go

Leave it to PR to call this a success but the fact is that there's still plenty of oppurtunity out there to cause more havoc.

In all a true Microsoft tradition. Fight symptoms rather then causes because it looks better on paper.

In other words, not even a $10M reward will make the problems related to Microsoft's insecure products go away. And let's be honest, even $10M would be nothing more then pocket change for Microsoft and still a whole lot cheaper (at least for them) then rewriting their insecure products into more secure versions.

Maybe one day the idea will sink in that things happen for no other reason then because they can. It's just to easy.

I had Sasser 2 Weeks ago!

It could be that I was one of the "lucky people" in the UK to become the first victim to the Sasser Worm a couple of weeks ago. Whatever, I couldnt find any resources about its origin, damage or repair at that time.

Even so, as a software developer and IT company director I think it is highly amusing that (a) People can be prosecuted for exploiting the proffesional incompetencies of software empires, and (b) the same software empires would offer a reward to prosecute individuals that should exploit their badly built products....

Its like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty....

You draw your own conclusions...

Lexus analogy

No, it is not "like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty." It is like some malevolent jerk finding a small space in the undercarriage of a Lexus and running around planting bombs in all the Lexus' on the planet blowing them up. Then Lexus offers every Lexus owner a free piece of metal to cover the opening, along with prosecuting the malevolent jerk who blew up all the Lexus owners. The victim of the crime is not Lexus, it is individual people who own the cars, and the perpetrator didn't attack Lexus, he attacked each individual who owned a Lexus.

There should be class action lawsuits against the jerk(s) who create computer viruses brought by all system owners who are infected -- and the punishment should be 10 minutes in jail for each infected system. Let's see... if you infect 1 million systems, that would be... just over 19 years. Sounds good to me. And while they are in jail, they should be writing helpful freeware -- with time off for each good program they provide for the world.

[rbannon]

Shoddy product . . .

I think Microsoft should be charged as a co-conspirator. Yes, I
am serious.

I doubt they will collect anything...

My take on this is that the informants knew the
author. If that is the case they will most likely be charged as co-defendents, and I really
don't think that Microsoft will pay the author(s)
of a damaging virus. I also agree, that whenever
someone find a security flaw in anyone's software, that company has the responsibility to
immediately inform the public and issue a fix for the problem.

Attitude adjustment

I agree that the informants probably knew the Sasser's creator and that the possibility of them being charged as co-defendants is a real one.

What I don't agree with is this big-brotherish attitude that it is a person's, or a corporation's duty to hand over intellectual property (a.k.a. security flaws and fixes) for free to the general population.

It takes a tremendous amount of work to find both security flaws and their solutions, and very few people worth their weight are going to offer there time and effort without some sort of compensation.

In addition, If the persons involved in handing over information vital to the arrest of the suspect are charged as co-defendants, it is quite likely that people will think twice about offering information leading to arrests in the future.

[bjbrock]

I find it interesting that an 18yr old...

kid was able to wreak such havoc with a product written by "professionals". Probably very high paid professionals. I think this is just another testament to how unprofessional Microsoft and their products actually are.

Microsofts products are nothing but Mickey Mouse.

Microsoft needs to be sued for every dollars worth of damage that was made possible by their pooor excuse for software. Their OS has not been the only dangerous product. Every product they have sold which "listens" ocer the Internet has been a source of great pain and suffering by trusting consumers. Microsoft should be held accountable for this pain and suffering.

And, what evidence do we have that this person is the penner? The word of someone whose first question was how much do I get paid?

MS has turned the PC into a pile of junk do to junky software.

Just another digital artist caught for making art...

I agree with Bill Brock. He's right about Windows being cr**. We pay Microsoft $300 to give us an OS written by some hi-priced key-typers which some 18 year old kid took advanage of. We shouldn't have to deal with kind of junk, this is why i hold faith for Apple. Their OS and hardware far surpass any Windows hardware or OS. They may lack in a few area's, which is acceptable, but compared to Microsoft they're rock hard OS's.
I understand that these guys are out to mess with our computers and just mess up our day. But, these are the digital artists who can make a program do amazing things through a tiny software hole. Very few people understand the skill it takes to make a virus. Microsoft shouldn't put these people into jail, but make them work off their debt. They could catch people and get them to hack the latest verson of windows, fix it, then relase it. Wouldn't that make more sence than this "f***'em! put them in jail" aditude? Free OS testing and then less problems to deal with? Oh wait, i just gave another billion dallors to Gates. I think we should all get together and sue him, wouldn't that be a hoot? lol. But then he'll get his high-priced laywers on us and we're dead. Hence all the digital attacks on him, can't sue a computer can he now?
Well i'm just some teenager with big idea's for the internet, no one listens to me anyway. HA, i bet this won't even make it through filtering and it will be taken down. But you just wait, Gates will be the demise of his own world. Soon the furits of Apple will be ripe for picking. Ever notice that apple systems are very sercure? Maybe it has to do with it's founder being a hacker himself.

I dont understand this!!!

This is in my 15 minutes of checking out this news forum has been one of the most uneducated and non-professional areas that I have ever been to. I cannot believe that the majority of the people here are complaining that this is a Microsoft Corporations problem. This problem does not start with the company itself it is the people on the Internet who does not respond to the term "CRITICAL UPDATE". The vulnerability patch for worms like sasser has been out since early April and it is NOT Microsofts fault in any way that the entire world got infected. As a matter of fact I am managing a MS Network that has all critical updates done by the Software Update Server which Microsoft made available for download to help out Net Admins with this very problem. I do not understand how all of you here can say that Microsofts method has not been rock solid because of tools like the Software update Sevices. It is proposterous to hear professionals whine about how you or anyone else didnt get the job done. At the end of the day it is no ones fault but your own when problems occur like with the sasser worm. I hope they bury this guy under the jail to make an example to future authors of this nature.

It is time we stopped complaining and acted!

Well we have all be hit by the lastest virus, or not as the case may be.

I have read with interests comments that how can an 18 year old child do this much damage?
When Microsoft have all these highly paid profesionals.

Am i a Microsoft fan? Yes and No. YES. We use Microsoft on all of our machines and it works very well.
Is there a viable different option? No. We demand more and more out of our machines and we demand
that Microsoft deliver it fast. We don't want to wait. NO. I hate the demands by users for bigger and
faster machines to run the new systems. This is just evolution.

If you got burgled would you blame the police. Or would you learn from your experiences? Critical updates
is the same as the crime provention officer. It tells you of new problems and how to address them.

We could always wait for Microsoft to provide a totally secure bug free system. Would we wait. NO! we all
want it now. Not in 5 years.

With correctly configured firewalls, upto date virus checkers and a little commmon sence, all of these problems
go away. Would you blame the police if you left your keys in the front door? Would you blame the police
if you friendly next door neighbour told the burglars you kept a key under the door mat? NO! Of cource you
would not. So why blame Microsoft?

If we act responsabily and manage our systems correctly. The spread of viruses would be reduced. If the writers
of all these viruses realised they are not going to get as big an impact, they would go away. Its only "fun"
whilst it has a major impact.

I have written this to provoke thought! Not to start a major discsion on the topic. I will sign off with
the following statement. We did not get the Saaser worm. We did not have the critical updates. We did not have the
lastest service packs. We did not have the latest virus definitions. We DID HAVE total network security from the
outside. Think! LOCK THE DOORS.