FBI Hunts for Sasser Author

Gretchen Gallen
WASHINGTON, D.C. – The hunt is on for the author of the latest malicious virus known as Sasser after a four-day massacre (and counting) of the Internet that has left millions of infected computers and networks in its path of destruction.

According to reports out of Washington D.C., Sasser's code is being analyzed by experts for clues on its creator(s). Theories on the origin of Sasser range from criminal hackers in Eastern Europe to a Russian group that some experts believe were involved with launching the Netsky virus, which appeared in 29 different versions.

There is some speculation that Sasser and Netsky are in some way connected because of a message discovered in the coding of a recent Netsky variant claiming responsibility for Sasser.

"They are forensically analyzing the malicious code to help identify and bring to justice those responsible for this," a Microsoft spokeswoman said Wednesday.

Microsoft has not yet announced whether it will post the reward for the capture of Sasser's author. Three months ago the computer giant pledged a $250,000 reward for the capture of virus writers.

"With Sasser, the author seems to be showing off his coding capabilities, but otherwise I have no idea what the motive is," said Raimund Genes, president of anti-virus firm Trend Micro.

Sasser has so far appeared only as four different variants as of its May 1 debut. It has targeted both large and small corporations and businesses as well as individual home users.

The most visibly hit were large corporate entities like American Express, Deutsche Post, Goldman Sachs, the European Commission, British Airways, and the UK Maritime and Coastguard Agency, to name a few, in addition to hospitals, colleges and universities, and social and health service organizations.

In a typical attack scenario, an infected computer reboots without warning as the virus program hunts for more machines to infect. Most at risk are PCs running on Microsoft 2000 or XP platforms.

As of Wednesday morning, Sasser's activity had begun to diminish, according to Internet security experts, although there are concerns that another version of Sasser could appear after a lull and cause an even more severe virus outbreak.