A German teenager was convicted yesterday of authoring the so-called Sasser computer worm that attacked Internet users around the world last year, but he avoided jail time because of his age.
The conviction in Germany of Sven Jaschan, now 19, also triggered the first payouts from a $5 million reward fund established by Microsoft Corp. in 2003 for help in tracking down creators of viruses and worms that can crash computer networks and cause extensive financial damage.
Microsoft officials declined to provide information on the informants, who approached the company soon after Sasser was unleashed in May 2004. The two will share a $250,000 bounty, which is payable only after a conviction.
"We're pleased that it all worked," said Nancy J. Anderson, Microsoft vice president and deputy general counsel.
Typically, she said, informants know the criminals or have some direct knowledge of their activities. But she said Microsoft will not pay if the informants were involved in the crime in any way.
Some security experts question the use of bounties, arguing that they only increase the temptation of ego-driven hackers to develop viruses and to evade detection.
Law enforcement officials support Microsoft's program.
Jaschan was 17 when he was arrested about a week after the informants came forward. Yesterday he received a 21-month suspended sentence and was ordered to perform community service at a hospital or nursing home.
Sasser was less vicious than some worms and viruses. Exploiting vulnerabilities in Microsoft's Windows 2000 and XP operating systems, it infected between 500,000 and 1 million machines and often caused them to continually restart.
Post offices in Taiwan were hit hard, as were some airlines. The worm did not leave lasting computer damage, but prosecutors estimated costs from the worm were in the millions of dollars.
Microsoft is offering bounties on one other worm, MSBlast, as well as the Sobig.F and MyDoom viruses.
All caused significantly more damage than Sasser, and some still plague computers.
A Minnesota teenager, Jeffrey Lee Parson, was sentenced to 18 months in prison for creating a variant of the MSBlast worm, also known as Blaster, but he was caught without the help of informants.
The author of the original MSBlast worm remains at large.