German law enforcement were able to arrest the alleged perpetrator of Sasser within seven days of its launch, based on fast action by local police and broad cooperation among German law enforcement agencies, the FBI and Secret Service in the US, and Microsoft.
The information leading to this arrest resulted in part from Microsoft`s anti-virus reward programme, as well as new technical and investigative techniques Microsoft has developed during the past year to address these types of situations.
Microsoft entered into a partnership last November to create a $5 million anti-virus reward programme, supporting Interpol, the FBI, and the Secret Service. Aware of this programme, certain individuals in Germany approached Microsoft investigators last week, offered to provide information about the creator of the Sasser virus, and inquired about their potential eligibility for a reward. Microsoft informed the individuals that the company would consider providing a reward of up to $250 000 if their information led to the arrest and conviction of the Sasser perpetrator.
Following this discussion, the individuals provided information to Microsoft and local authorities in Germany. Microsoft reviewed this information and, in conjunction with law enforcement authorities, pursued technical analysis to verify the accuracy of the information provided. The FBI also provided investigative support for German law enforcement.
The investigation led by German police over the past week led to information relating not only to all four variants of the Sasser worm, but also to the Netsky worm, which was launched on 16 February 2004. Ultimately there were 28 variants of the Netsky worm, and German authorities are alleging that all these variants are connected to the individual arrested yesterday.
"Malicious code such as Sasser is not likely to disappear from the Internet, even once those responsible are brought to book. It`s important that customers keep security as a priority and both update and clean their computers and networks," says Colin Erasmus, technology security manager at Microsoft South Africa.
The reward programme is just one of several ways that Microsoft is working to help better protect its customers and the industry. With security as its number one priority Microsoft is focusing on improving the resiliency of computers by improving the ability to isolate worms and viruses as well as an all out concentration on engineering excellence to improve code. There is also significant drive to advance authentication, authorisation and access control.
Microsoft continues to encourage customers to follow the advice on microsoft.com/protect: use a personal firewall, remain up-to-date on software updates and maintain anti-virus protection.
Share
Editorial contacts