$5 Million Fund Helps Nail Teenage Sasser Offender
German authorities were able to arrest the alleged perpetrator of the Sasser worm within seven days of its launch

He was only 18, he lived in Rotenburg, Germany, and he remained a free man for only a week after releasing his perverted creation, the Sasser virus. Reports say that the same man is also suspected of releasing all 28 versions of the equally notorious NetSky worm.

The investigation which led to his arrest came from a tip-off to Microsoft from as yet unspecified individuals. They stand to collect a payout of up to $250,000 under the company's $5m anti-virus reward program.

"As this case demonstrates," wrote Brad Smith, senior vice president and general counsel at Microsoft, in an official announcement last week, "we will move quickly to support law enforcement worldwide to identify and hold responsible those who break the law by launching viruses and worms targeted at our customers." 

"The information leading to this arrest resulted in part from Microsoft's anti-virus reward program," he continued, "as well as new technical and investigative techniques we have developed during the past year to address precisely this type of situation."

Here is the official account:

Microsoft entered into a partnership last November to create a $5 million anti-virus reward program, supporting Interpol, the FBI, and the Secret Service. Aware of this program, certain individuals in Germany approached Microsoft investigators last week, offered to provide information about the creator of the Sasser virus, and inquired about their potential eligibility for a reward. Microsoft informed the individuals that the company would consider providing a reward of up to $250,000 if their information led to the arrest and conviction of the Sasser perpetrator.

Following this discussion, the individuals provided information to Microsoft and local authorities in Germany. Microsoft reviewed this information and, in conjunction with law enforcement authorities, pursued technical analysis to verify the accuracy of the information provided. The FBI also provided investigative support for German law enforcement.

The investigation led by German police over the past week led to information relating not only to all four variants of the Sasser worm, but also to the Netsky worm, which was launched on Feb. 16, 2004. Ultimately there were 28 variants of the Netsky worm, and German authorities are alleging that all these variants are connected to the individual arrested yesterday.

Microsoft is working in other ways too "to help better protect its customers and the industry," as it expresses it, with five key areas of activity detailed on its Web site:

  • Technical innovation toward improving the resiliency of computers in the face of threats and improving the ability to isolate worms and viruses
  • Engineering excellence to improve code quality
  • Software and hardware advances in authentication, authorization and access control
  • Improvements to help customers better update their computers and networks when a security update is made available
  • Prescriptive guidance to help customers secure their computers and networks

But the site sounds a warning note, too: "Malicious code such as Sasser seldom disappears from the Internet, even once those responsible are brought to justice, and customers should still take steps to both update and clean their computers and networks."

The final statement is worth underlining too:

Microsoft continues to encourage customers to follow the advice on use a personal firewall, remain up-to-date on software updates and maintain anti-virus protection.

About Jeremy Geelan
Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

Reader Feedback

Imagine for a minute that you were a consultant and wrote code for a large corporation that has significant security flaws. Later your security flaws cost the corporation money as well as lawsuits from their customers due to personal information being stolen and abused.

Who do you think that the corporation would hold responsible?

I see the reward program for virus writers as sheer genius, for these reasons:

1. These virus authors are almost always part of a peer group. They get accolades from their peers by getting their creation mentioned in the news, for how many machines it took down, etc. Part of the payoff comes from the acknowledgement of their peers. Without this, there is much less reason to do it. I doubt that any of them operate in total anonymity.

2. Because they don't operate in total anonymity, someone always knows who wrote such-and-such virus. And some of these people like money. Honor among thieves? I don't think so.

For some reason, this hasn't been working in the case of Osama bin Laden ($25,000,000 US), but maybe people in this category are more afraid of the judgement of Allah (according to their twisted system of ethics) than they are enamored of a deluge of cash. It certainly worked in the case of Saddam Hussein.

Sorry, that was supposed to be "Dave, [nod] to worrying..."

Dave, to worrying that these guys are the ones keeping Microsoft up-to-date. Although I doubt we have to really worry: as long as Microsoft is so huge, they might not have competitors, but they'll sure be the biggest, ripest target out there.

Marco, you can't "make an example" of people. It might be effective, but it's hardly justice.

Dan and Marco's comments are sophomoric. Are you guys saying you are experts in sociological behavior and social justice? I just want to point out the lynch mob mentality you are expressing. Should people who drive beyond the speed limit be punished severely because they endanger all those around them? And I am sure you guys speed. What if they cause a traffic jam and it slows everyone else down and wastes their gas? What if an ambulance with someone in it that is on life or death status gets stuck in this jam and that individual dies? It seems that the costs can add up, but we never punish those individuals for that behavior that is commensurate with the amount of inconvenience it causes.

And what does the author mean by perverse? Nice spin, jerk.

I have always wondered why Microsoft is never held accountable for their software throttling down the Internet and the World, just to get market share and captivate dumb monkeys that require widgets for their attention. This amounts to negligence in my mind. Why is it they insist that the OS be built around accessories and not the other way around? Fix Microsoft culture and hold them accountable, their software could not be used to affect the rest of the World. But they assume they shouldn't be held accountable for their reckless abuse of a public entity. It is out of their hands, in their minds. Microsoft's attitude is like the attitude of rednecks that believe that they have the freedom to take their motorized recreational vehicles wherever and whenever they want without considering the damage to the environment. Shoot, shouldn't they be entitled to think of only themselves? Microsoft's business model does not feel beholden to the environment they operate in. They are just a redneck company. Seems like the World needs to create some control to hold those that are thoughtless responsible.

In a perverse sort of way, individuals such as he provide a valuable service. One could argue that we owe thanks to these guys for holding Microsoft accountable for creating more secure software. Flush out these guys and there will be no one but Al Qaeda types attacking our systems - with none of the "teenagers" to have revealed the existing vulnerabilities beforehand.

I agree with Marco that consequences are necessary, but in a world with billions of people there will always be someone who thinks they won't get caught. We cannot trust the security of our information systems to the hope that all potential criminals will be deterred by the consequences. What we need is an interface to the Internet that does not allow unauthorized activity on a computer, and an operating system that does not expect an end-user to figure out what is malicious.

Hmm, I do not think Microsoft, FBI, Secret Service or any authority will be capable of stopping these people.

Most of them are teenagers, if not they are socially disturbed in one way or another. In both cases, it is an expression of power, that is experienced by trying to control a piece of something: an email system, a network box, or whatever.

Control is their driving force and so is everyone else's. The more control the happier we are. Of course, "socially well behaved" individuals pursue control in some other more legitimate ways (not necessarily less destructive ways: look at Bush for example), but the core is still there: control.

So given all of the above, the only effective way to deal with these people is to be prepared. So go and vote against Bush, turn on your firewall, patch your system, stop believing everything CNN broadcasts, etc., etc.

The only way to stop these people is to punish them as harshly as possible so it serves as a deterrent to others with similar clever ideas. If this individual gets something silly like 100 hours community service and then becomes a millionaire by writing a book about it, the IT community will never win the war.
