May 11, 2004

Sassy Teenager Stars in Virus Soap

In what is rapidly becoming an Internet soap opera, an alleged writer of the Sasser virus, 18 year old Sven Jaschan from Germany, was fingered under the Bounty program initiated by Microsoft a few months back [1]. As predicted, with $250,000 in prize money, an immediate question faces Microsoft: Are the informants in on the game [2] ?

Microsoft insists that "the informant had no connection to the virus writer's work, and say they wouldn't pay a reward to anyone who had helped author the computer virus." Others are skeptical, both of the incident and the benefit of the program [3].

Says one person: "In the last 15 years we've had 30 or 40 arrests of these people worldwide, and yet we still get 15 more of these (viruses) every week." The power of perception remains foremost here as all reporters routinely ignore the underlying structural weaknesses in the Microsoft platform that is being hit by virus after virus. Perhaps that story is stale.

The German authorities released the author immediately, when they discovered that his intentions may have been honourable [4]. He was just helping his Mom, the papers say, and he deserves a medal, not prison:

' Despite the damage to millions of computers, one leading German newspaper said in a page one commentary Monday there was a strange sense of national pride that a German student had outwitted the world's best computer experts. "Many of the (German) journalists who traveled to the province could not help but harbor clandestine admiration for the effectiveness if the worm," Die Welt daily wrote.'

American virus company NAI immediately responded with a call for new laws:

'Jimmy Kuo, a research fellow with antivirus software maker NAI .... said that additional laws may be necessary to dissuade virus writers from releasing their programs onto the Internet. "We would hope that there could be laws that would prohibit the posting of malicious code," Kuo said. "Sasser was partially written by some malicious code that was downloaded by the Internet." [5]'

They had their chance in 1945. But, there is good news - at least Microsoft announced a few years ago that security is its goal. I see no evidence in the browser market that they are serious, but I suppose we'll know more in 15 more years [6].

Addendum: It seems that a week later, Police probe Sasser informant the informant was already on the way to losing his bounty. Question is, what happens now? What's the point in informing on a virus writer if your life gets turned upside down on the suspicion that you are in cohoots? Safer to go find some other line of work...

[1] "'Sasser e' rears its head", 11 May 2004.
[2] "The Good, The Bad, and the Ugly", 09 November 2003.
[3] "Experts pessimistic on deterrent effect", 10 May 2004.
[4] "German Net Worm Writer May Have Been Helping Mom", 10 May 2004.
[5] "Fifth Sasser 'released before arrest'", 11 May 2004.
[6] "Cost of Phishing - Case in Texas", 05 May 2004.

Posted by iang at May 11, 2004 07:07 AM | TrackBack