stop the crime. monitor the criminals. defend the Net.

    vectorblog  about  contact

MSN Search

 

 

 

 

 

 

 


Bountiful: Jaschen's Sentence and Microsoft Bounties              

infectionvectors.com

July 2005

 

Overview

 

In April of 2004, one of the fastest-spreading worms in Internet history flew from machine to machine exploiting a barely month-old vulnerability in the Windows operating system. The worm, known as Sasser, was the work of a German teenager, later identified as Sven Jaschen. Just over a year later, Mr. Jaschen has been sentenced to 30 hours of community service and 21 months of probation as his punishment for his role in this attack (and for the costly Netsky mass mailer, which he also confessed to creating and releasing). Although 2004 was a banner year for capturing malware authors, most of these criminals are still out of reach of law enforcement. Jaschen was captured, in large part, because of a large bounty Microsoft placed on the Sasser worm’s author.

 

Rewards for All

 

Microsoft created the bounty program in 2003, in the wake of devastating attacks from Blaster and Welchia. Although it has become popular to use the term “bounty” for the monetary incentives offered by the software company, Microsoft actually describes the system as the “Anti-Virus Reward Program.” The initial offers were offered to catch the authors of the Blaster worm and the mass mailer Sobig. As of yet, no one has been captured as a result of those offers. 

 

In May of 2004, after a wave of Sasser attacks (the worm was released in multiple iterations), Microsoft reports they were approached about the possibility of receiving a reward similar to the others posted for the capture of the worm’s author. Although the money was certainly the catalyst for the decision to turn in Mr. Jaschen, it is important to note that no one has been arrested because of a public offer made by Microsoft. The information provided to Microsoft, the FBI, and German law enforcement led to Mr. Jaschen, a 17-year-old student in Germany.

 

In July of 2005, after the sentencing of the Sasser author, Microsoft confirmed that the reward had been paid, the first time such a bounty has been issued. It is alleged that the recipients of this reward are/were friends of Mr. Jaschen’s. Since his arrest, Mr. Jaschen has been given a job by a company that makes security products, profiled in a high tech magazine, and turned 18. The arrest has given him exactly what he set out to achieve: notoriety. The Netsky/Sasser attacks do not show signs of being launched for financial gain, and that motive has never been alleged by German authorities. Far from the “professional” malware coder seen behind worms like Beagle, Jaschen seemed interested only in proving himself as a programmer and fighting malicious software (such as Beagle and MyDoom). Will the new-found celebrity treat Jaschen as well as it did Kevin Mitnik? Time will tell, but regardless of that, the lenient sentence for the Sasser/Netsky author will do little to discourage other malware coders.

 

 

References

 

Microsoft Announces Bounty

“Microsoft Announces Anti-Virus Reward Program”

http://www.microsoft.com/presspass/press/2003/nov03/11-05AntiVirusRewardsPR.mspx

 

“Microsoft Reward Program Helps Lead to Information Resulting in Arrest Related to Sasser”

http://www.microsoft.com/presspass/press/2004/may04/05-08SasserTelePR.mspx

 

“Virus writers elude Microsoft’s bounty hunt.” CNET News.com Robert Lemos, 5 November 2004.

http://news.com.com/2100-7349_3-5439456.html

 

Copyright Ó 2005 infectionvectors.com. All rights reserved.