, SecurityFocus 2005-07-08
Microsoft plans to split the $250,000 reward for the information leading to the Sasser author between two tipsters, after a German court convicted and sentenced the creator of the Sasser worm and Netsky viruses on Friday.
A court in the town of Verden, Germany, sentenced the 19-year-old Sven Jaschan to a suspended sentence of 21 months, according to Microsoft. Jaschan, who was a minor in 2004 when Sasser started its spread, will have to serve 30 hours of community service.
"We're pleased that the author of the Sasser worm has admitted responsibility for the damage he caused and is being held accountable," Nancy Anderson, vice president and deputy general counsel at Microsoft, said in a statement. "It has been important and gratifying to collaborate with and support law enforcement in this case, and we're glad to provide a monetary reward to those individuals who provided credible information that helped the German police authorities solve this case."
Microsoft did not provide details on when the informants would receive the bounty.
The conviction is the first success for Microsoft's Anti-virus Reward Program, a $5 million initiative established by the company in November 2003, following the outbreaks of the Blaster worm and the Sobig virus. Rewards have been offered for information leading to the conviction of the person or groups that released those two programs and the MyDoom virus.
No arrests have been made in those cases, though the creator of a variant of the Blaster worm, 19-year-old Jeffrey Lee Parson, was sentenced to 18 months in prison in January.
The Sasser worm started spreading on April 30, 2004, using a vulnerability in a Windows component known as the Local Security Authority Subsystem Service, or LSASS. While it's unknown how far the worm spread, a week into the outbreak Microsoft said that 1.5 million users had downloaded a cleaning tool for the worm. The Blaster worm had infected about 10 million users, according to Microsoft estimates.
When Sasser started spreading in April 2004, Microsoft did not immediately offer a bounty for information on author of the worm. Instead, company officials in Germany were contacted by individuals, asking if the company would consider offering a bounty. Microsoft agreed, and on May 8, announced that the information had led to an arrest.
The bounty has been helpful, law enforcement officials said on Friday.
"The Sasser worm is just one example of the speed at which malicious code can spread across borders and how damaging it can be to industry and the public," David Gork, director of specialized crimes at Interpol, said in a statement. "Law enforcement must continue to work with private industry to solve this type of crime."
However, the conclusion to the case--a suspended sentence and only 30 hours of community service--had some antivirus experts perplexed.
"Basically, he has walked free," said Graham Cluley, senior technology consultant for antivirus firm Sophos. "Tomorrow he will show up at his job and continue programming. It sends out a rather weak message to other kids."
The court tried Jaschan as a minor because, when the teenager was arrested, he was still 17, Cluley said. Earlier this week, Jaschan admitted in court that he had written both the Sasser worm and the original versions of the mass-mailing computer virus, Netsky. The Netsky virus and its variants continue to place in the top-10 online threats, Cluley said.
"Even though he has been arrested and convicted, his viruses are still committing crimes," he said. "He has left a pretty significant legacy on the computer-virus world."
Yet, Microsoft's Anderson stressed that catching and prosecuting worm and virus authors is a deterrent, even if community service is the result.
"A criminal conviction is a very serious and sobering matter whether in Germany or the U.S.," she said in an interview with SecurityFocus on Friday. "This is not insignificant stuff."
No major worm outbreak has hit the Internet since Sasser. While Anderson does not believe Microsoft's program has solely stopped such attacks, she said that any conviction of a worm writer will have a real effect on would-be authors.
"I do believe deterrence plays a very important role in reducing crime," she said.
Microsoft continues to work with law enforcement to investigate the Blaster, Sobig and MyDoom outbreaks, Anderson said. She declined to provide further details of those investigations.
This article was updated at 11:35 p.m. PST to include additional quotes and information from Microsoft's Anderson following her interview with SecurityFocus.