Microsoft: Separate trail led to second virus writer

By Robert Lemos
Posted on ZDNet News: May 10, 2004 11:51:00 PM

Microsoft confirmed on Monday that German authorities had arrested a man suspected of writing and releasing a program widely used to compromise and surreptitiously control computers on the Internet.

The program, known as Agobot, has caused concern among many security experts because it allows a single individual to control a vast network of computers, potentially as a means to attack Internet sites. The coder was captured Friday, the same day that an 18-year-old man, also a resident of Germany, was arrested for creating all five versions of the Sasser worm.

While Microsoft aided in both cases, the two investigations were separate, said Hemanshu Nigam, a corporate attorney for the software giant.

"Two different paths led to two different cases which resulted in arrests around the same



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

time," he said. The investigation into the identity of Agobot's author is ongoing, and there could be more arrests, said Nigam, who would not elaborate. Other suspects were arrested in the Agobot case, according to press reports, but Nigam would not confirm the arrests.

The two arrests possibly put into custody the creators of the two largest threats on the Internet--the Sasser worm and the widespread Agobot--and represent a big win for the software giant's efforts to dissuade attacks on its customers. The suspected author of the Sasser worm has also claimed to have written all 28 variants of the mass-mailing computer worm known as Netsky, another program that has plagued Microsoft Windows users, said Nigam.

Though Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, a group of informants approached the software giant's German office last Wednesday and inquired about whether such a cash award would be paid.

Microsoft promised it would be, and believes that the informants aren't otherwise involved in the case.

"We are comfortable" with their story, said Nigam.

The arrest of the alleged creator of Agobot didn't come from informants, he added, but from other, unspecified, leads. Moreover, contrary to what some press reports had to say, Nigam did not believe that the person penned a variant of Agobot known as Phatbot. That program adds peer-to-peer capabilities to the original program.

Nigam also refuted press reports that the latest variant of Sasser, Sasser.E, came out after the 18-year-old German resident was arrested. The suspected Sasser author apparently confessed to releasing a fifth version of the worm a week ago.

SponsoredWhite Papers, Webcasts, and Downloads

Smarter ways to make smarter products IBM Smarter Products is about creating products that integrate into our lives ... Download Now
Security Explorer for File Servers Version 7.0.23 ScriptLogic Security Explorer is a powerful, graphical solution for real-time ... Download Now
INNOV8 2.0: A Business Process Management Simulator IBM Innovate your business' process model, play against the market, compete ... Download Now

Talkback
Most Recent of 35 Talkback(s)

Thread View
Flat View

"Just like the Corvair of years past...": First, you need to get your facts straight. It was the Ford Pinto that had the gas tank issue...it was the FIRST version of the Corvair rolled over when pushed to its limits. That was corrected in lat... (Read the rest); Posted by: IT_Guy_z Posted on: 05/13/04 You are currently: a Guest | Log in | Terms of Use