Redmond, Wash., May 8, 2004 — Microsoft Corp. today commended German law enforcement for its prompt arrest relating to the Sasser worm and confirmed that the companys anti-virus reward program investigators had worked with informants on the case during the past week. German authorities were able to arrest the alleged perpetrator of the Sasser worm within seven days of its launch, based on fast action by local police and broad cooperation among German law enforcement agencies, the FBI and Secret Service in the United States, and Microsoft.
Brad Smith, senior vice president and general counsel at Microsoft, confirms with reporters an arrest in Germany of the alleged perpetrator of the Sasser worm virus.
“As this case demonstrates, we will move quickly to support law enforcement worldwide to identify and hold responsible those who break the law by launching viruses and worms targeted at our customers, said Brad Smith, senior vice president and general counsel at Microsoft. The information leading to this arrest resulted in part from Microsofts anti-virus reward program, as well as new technical and investigative techniques we have developed during the past year to address precisely this type of situation.”
Microsoft entered into a partnership last November to create a $5 million anti-virus reward program, supporting Interpol, the FBI, and the Secret Service. Aware of this program, certain individuals in Germany approached Microsoft investigators last week, offered to provide information about the creator of the Sasser virus, and inquired about their potential eligibility for a reward. Microsoft informed the individuals that the company would consider providing a reward of up to $250,000 if their information led to the arrest and conviction of the Sasser perpetrator.
Following this discussion, the individuals provided information to Microsoft and local authorities in Germany. Microsoft reviewed this information and, in conjunction with law enforcement authorities, pursued technical analysis to verify the accuracy of the information provided. The FBI also provided investigative support for German law enforcement.
The investigation led by German police over the past week led to information relating not only to all four variants of the Sasser worm, but also to the Netsky worm, which was launched on Feb. 16, 2004. Ultimately there were 28 variants of the Netsky worm, and German authorities are alleging that all these variants are connected to the individual arrested yesterday.
“We understand that the lure of a cash anti-virus reward program can prompt those with information to come forward and assist law enforcement, Smith said. For this reason, Microsoft decided to reward the informants who provided information vital to this Sasser worm arrest with a reward of $250,000, pending the successful conviction of this case.”
The reward program is just one of several ways that Microsoft is working to help better protect its customers and the industry. In addition, the company is focusing on five key areas:
Technical innovation toward improving the resiliency of computers in the face of threats and improving the ability to isolate worms and viruses
Engineering excellence to improve code quality
Software and hardware advances in authentication, authorization and access control
Improvements to help customers better update their computers and networks when a security update is made available
Prescriptive guidance to help customers secure their computers and networks
Malicious code such as Sasser seldom disappears from the Internet, even once those responsible are brought to justice, and customers should still take steps to both update and clean their computers and networks. Microsoft continues to encourage customers to follow the advice on microsoft.com/protect : use a personal firewall, remain up-to-date on software updates and maintain anti-virus protection.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .