Microsoft Rewards Sasser Snitches

Microsoft Corp. (Nasdaq: MSFT) is paying out $250,000 to two informants who helped identify the creator of the Sasser worm. The worm, which targeted the Windows operating system, wrought havoc on corporate IT systems last year (see Report: Malware Cost $169B in 2004).

Teenager Sven Jaschan, who unleashed Sasser, was given a 21-month suspended sentence today by a German court, after being convicted of computer sabotage and data manipulation.

Microsoft says the unnamed informants will now be paid from its anti-virus reward program, which was set up in November 2003 with Interpol, the FBI, and the U.S. Secret Service to help catch cyber criminals and the perpetrators of viruses and worms.

In a statement released today, Nancy Anderson, Microsofts deputy general counsel described the Sasser reward as money well spent. “We’re glad to provide a monetary reward to those individuals who provided credible information that helped the German police authorities solve this case,” she says.

Microsoft is not the only firm that has resorted to this type of offer in an attempt to track down a cyber crook. Last year, The SCO Group offered a $250,000 for information leading to the arrest and conviction of the people behind the MyDoom worm, and there is a feeling in the IT industry that money could help unlock the traditionally close-knit community of worm and virus writers.Graham Cluley, senior technology consultant at security specialist Sophos, believes that other firms could follow the Microsoft and SCO lead. “We may see other companies trying it –- it’s in their interests to see these guys get caught,” he says. “Anything which discourages virus writers or makes them more paranoid has got to be good news.”

However, Cluley is unconvinced that cash will help loosen the tongues of hardened cyber criminals. “We’re seeing more organized crime groups now writing malware and they may be less likely to blab or brag on message boards,” he says.

— James Rogers, Site Editor, Next-Gen Data Center Forum