Microsoft: Separate trail led to second virus writer

Microsoft followed the lead of German informants to nab a second virus writer suspected of releasing the Agobot program.

By Robert Lemos
Staff Writer, CNET

Microsoft confirmed on Monday that German authorities had arrested a man suspected of writing and releasing a program widely used to compromise and surreptitiously control computers on the Internet.

The program, known as Agobot, has caused concern among many security experts because it allows a single individual to control a vast network of computers, potentially as a means to attack Internet sites. The coder was captured Friday, the same day that an 18-year-old man, also a resident of Germany, was arrested for creating all five versions of the Sasser worm.

While Microsoft aided in both cases, the two investigations were separate, said Hemanshu Nigam, a corporate attorney for the software giant.

"Two different paths led to two different cases which resulted in arrests around the same

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

time," he said. The investigation into the identity of Agobot's author is ongoing, and there could be more arrests, said Nigam, who would not elaborate. Other suspects were arrested in the Agobot case, according to press reports, but Nigam would not confirm the arrests.

The two arrests possibly put into custody the creators of the two largest threats on the Internet—the Sasser worm and the widespread Agobot—and represent a big win for the software giant's efforts to dissuade attacks on its customers. The suspected author of the Sasser worm has also claimed to have written all 28 variants of the mass-mailing computer worm known as Netsky, another program that has plagued Microsoft Windows users, said Nigam.

More on Sasser Outbreak
Reward snags Sasser suspect
Over 500,000 infections
Prevention and cure
Microsoft on how to prevent infection

Though Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, a group of informants approached the software giant's German office last Wednesday and inquired about whether such a cash award would be paid.

Microsoft promised it would be, and believes that the informants aren't otherwise involved in the case.

"We are comfortable" with their story, said Nigam.

The arrest of the alleged creator of Agobot didn't come from informants, he added, but from other, unspecified, leads. Moreover, contrary to what some press reports had to say, Nigam did not believe that the person penned a variant of Agobot known as Phatbot. That program adds peer-to-peer capabilities to the original program.

Nigam also refuted press reports that the latest variant of Sasser, Sasser.E, came out after the 18-year-old German resident was arrested. The suspected Sasser author apparently confessed to releasing a fifth version of the worm a week ago.

Editor's Picks

Free Newsletters, In your Inbox