In Virus Wars, Microsoft Wins One
Microsoft Corp. claimed a breakthrough in the war against computer viruses, after the software company's cash-reward program led to the arrest of a German teenager believed to be responsible for the disruptive "Sasser" and "Netsky" programs.
After a whirlwind three-day effort to validate a tip from informants, authorities in the German state of Lower Saxony on Friday arrested an 18-year-old engineering student at a local technical school. The suspect, who wasn't identified by name, later confessed, German police said.
Microsoft said its Munich offices received the tip by telephone from acquaintances of the suspect. Executives at the Redmond, Wash., company said the informants will together collect a $250,000 reward from Microsoft if the suspect is convicted. The company wouldn't identify the informants or give much additional information about them, other than to say there was more than one person and fewer than five.
VIRUSES: SPREADING TROUBLE
o See more coverage on computer viruses, plus related information, at wsj.com/virus.
"For us, this is something of a defining moment in demonstrating our ability to combat malicious code in collaboration with the authorities," said Brad Smith, Microsoft senior vice president and general counsel.
The arrest is the first time a suspect has been nabbed under a reward program that Microsoft launched in November, setting up a $5 million fund, in conjunction with Interpol, the Federal Bureau of Investigation and the Secret Service. Writers of viruses, worms and other disruptive programs typically target computers running Microsoft's dominant Windows operating system and other software. The increasingly debilitating impact of the malicious programs has started to hurt Microsoft's software sales to corporations.
Security flaws in its software have proved difficult for Microsoft to eliminate. But if more hackers prove willing to snitch on each other for money, virus writers could be deterred by the threat of jail time from releasing their creations. Files found on suspects' computers also could lead to additional arrests, and provide other information to help security experts block malicious code.
Sasser began infecting computers across the Internet just over a week ago. Unlike other malicious programs, which typically infect computers after users click on attachments to e-mail messages, Sasser doesn't require a user to take any action. Instead, the worm scans the Internet for vulnerable computers, infects them and uses those machines to search for other potential targets. Sasser doesn't erase files on a user's computer, but it does slow down computers, causing them to crash in some cases.
Security experts believe Sasser has infected millions of computers globally on the Internet. Last week, it infected a third of Taiwan's post-office branches, and 20 British Airways flights were each delayed about 10 minutes Tuesday due to Sasser troubles at check-in desks, according to the Associated Press.
Despite the arrest of its suspected creator, Sasser is expected to continue its disruptions. "It's a bit like Pandora's box -- once the box has been opened, you can never put it away," said Graham Cluley, a senior technology consultant at Sophos Inc., a security software firm in Lynnfield, Mass. "We believe the worm will carry on infecting people for months to come."
Early yesterday, not long after the German suspect's arrest was announced, a new variant of the Sasser began infecting computers in Portugal, France and other European countries, according to executives at PandaLabs, a security software firm. "This fact confirms our fears that he is not the only person programming the Sasser and Netsky worms, but rather it is an organized group of delinquents," said Luis Corrons, head of PandaLabs.
Security experts had previously suspected that a group called Skynet was responsible for both Sasser and Netsky, a program released early this year that has been followed by many variants. A message contained in a recent variant, Netsky.AC, claimed responsibility for the group.
Microsoft said it received the tip Wednesday from the informants, who were aware of the reward program. Company investigators in Europe and the U.S. began working feverishly to verify technical information provided by its informants to prove that the suspect was the creator of the Sasser worm, the company said. Once it verified the information from the informants, which it declined to describe, Microsoft said it notified German police.
On Friday, investigators searched the house of the suspect's parents near the north German town of Rotenburg, impounding the teenager's computer, which contained the source code for the virus, according to a statement published by the state crime office in Hanover. "The schoolboy didn't think through the ensuing consequences and damage," the police statement said. At a police station the teenager confessed, saying he set out to create a program called "Netsky A" that would suppress computer viruses already in circulation, including "Mydoom" and "Bagle."
After questioning the youth, police let him return home. Public prosecutors will decide what charges to bring after completing their investigation. Since he was 17 at the time he programmed the virus, the case could come before a juvenile court, a police spokesman said.
Separately, an unemployed 21-year-old man who admitted to creating another malicious program was arrested in the district of Loerrach, in southwest Germany. The man said he created a worm that goes by the names "Agobot" and "Phatbot," prosecutors in Stuttgart told the Associated Press. The prosecutors said they had found no indications of any link between the man and the teenager arrested in connection with Sasser, though both were arrested Friday.
微软悬赏引病毒制造者落网
微软公司(Microsoft Corp., MSFT)宣称在与电脑病毒的斗争中取得突破性进展。该公司发出悬赏后,一名据信是Sasser和Netsky病毒制造者的德国少年已被捕。
在接到知情人举报后,德国下萨克森州政府经过3天的努力于上周五逮捕了一名在当地技术学校就读的年仅18岁的工程专业学生。德国警方称,该名嫌犯随后已供认不讳。
微软表示,公司在慕尼黑的分支机构曾接到上述嫌犯的熟人打来的举报电话。
微软表示,如果嫌犯被证明有罪,举报人共将获得250,000美元的奖励。该公司没有提供举报人的相关情况,但表示举报人数为1至5人。
但就在上述嫌犯被捕的消息公布不久,安全软件公司PandaLabs表示,又有一种Sasser的变种病毒开始感染葡萄牙、法国等欧洲国家的电脑。PandaLabs的负责人Luis Corrons表示,这一状况表明Sasser和Netsky病毒应该是由一个有组织的犯罪集团所为,并非是由该嫌犯一个人制造的。
