Security threats Toolkit

Sasser bounty hangs on conviction, says Microsoft

Tags:
Microsoft,
Sasser

Published: 13 Sep 2004 08:15 BST

Sven Jaschan, the alleged author of the Sasser worm and several variants of the Netsky virus, was charged last week by German police, but the informant who led authorities to the suspect will have to wait for a promised $250,000 (£140,000) reward, Microsoft officials said on Friday.

The 18-year-old suspected virus writer has been charged with sabotage, but no court date has yet been set for his arraignment, according to an antivirus expert familiar with the case.

The progress of German police in the case heartened Hemanshu Nigam, head of Microsoft's Anti-Virus Reward Program, a $5m pool for rewarding people who ferret out those who release viruses and worms.

"This is a great step forward," said Nigam, a corporate attorney and the primary liaison between the software giant and law enforcement. "This is the first time that charges have been filed in a virus case as a result of the Anti-Virus Reward Program."

The charges are the latest success for Microsoft's virus bounty effort. Although the software giant has placed quarter-million-dollar bounties on the heads of those responsible for the MSBlast worm, the Sobig virus and the MyDoom virus, no arrests have yet been made in those cases. The arrest of the author of a minor variant of the MSBlast worm predated the award programme.

Authorities claim that Jaschan has confessed to creating and releasing both Sasser and several variants of the Netsky virus. German authorities arrested Jaschan, a resident of the town of Waffensen, in early May, based on a tip from an informant who had approached Microsoft with credible information.

The Sasser worm and its six known variants have compromised hundreds of thousands of computers running Microsoft Windows, with some estimates putting the number of infected systems in the millions. The Netsky virus and its more than 30 variants, most of which Jaschan is also accused of creating, have likely infected hundreds of thousands of computers as well.

Nigam would not speculate on whether Microsoft would withhold payment if the informant is found to have also written viruses, a suspicion that the German police are reportedly pursuing.

"We would love to provide the reward once a conviction is reached," he said.

The police have not had great success in finding victims of the Sasser worm, according to Graham Cluley, a senior technology consultant at antivirus company Sophos. Law enforcement authorities in Germany have only been in touch with about 150 companies, which, combined, have claimed losses totalling about $150,000, he said.

"I have to wonder how effective the authorities are in getting this information," Cluley said. "I can understand that many companies wouldn't want to come forward, but there should be a lot of universities and small businesses that would file claims against the Sasser author."

Cluley believes that Jaschan created the Sasser worm and Netsky viruses but may have had help writing and distributing them, which could mean more arrests are on the way.