On Saturday, Microsoft verified that its antivirus reward program, through which the company has pledged $5 million in reward money for information leading to the capture and conviction of electronic attackers, played a role in the capture of the Sasser worm's alleged author. The attacker created all four variants of the worm, which afflicted millions of computers last week. Microsoft commended law enforcement officers in Rotenburg, Germany, for the capture of the accused attacker, an 18-year-old teenager who allegedly also created the Netsky worm.
"As this case demonstrates, we will move quickly to support law enforcement worldwide to identify and hold responsible those who break the law by launching viruses and worms targeted at our customers," Microsoft Senior Vice President and General Counsel Brad Smith said. "The information leading to this arrest resulted in part from Microsoft's antivirus reward program, as well as new technical and investigative techniques we have developed during the past year to address precisely this type of situation."
The suspect was arrested just a week after the worm's first appearance, bringing the episode to a conclusion far faster than is the case in most electronic outbreaks. The investigation came together in just a few days, starting Wednesday, when people close to the teenager alerted Microsoft to his identity. The unidentified individuals (Microsoft says they number in the single digits) will split a $250,000 reward if the alleged perpetrator is convicted. Microsoft also offered that amount of money for the authors of the MSBlaster worm, SoBig virus, and MyDoom virus, although no arrests were made in any of those cases.
Smith says that the people who turned in the suspect knew him personally. German police arrested the alleged worm author 2 days after Microsoft first learned his identity. The German authorities are also investigating the teenager for authoring the Netsky worm and its 28 variants, which were launched in February 2004.