|Was Sven Jaschan's identity revealed to Microsoft by one of his fellow students?|
According to reports in the German media, the person who gave Microsoft valuable information which lead to the arrest of Sven Jaschan, the suspected author of the Sasser worm, may themselves be under suspicion.
It has been widely reported that the German office of Microsoft was approached on Wednesday 5 May by someone inquiring about whether a cash award was available for information leading to the capture of Sasser's author. According to Microsoft $250,000 was duly offered.
As well as Sven Jaschan, five other students at Jaschan's college are also being investigated. According to the German-language Focus news magazine, one of these five students was involved in passing information to Microsoft about Jaschan, and is now being investigated concerning computer sabotage.
Speaking of the five students who have been questioned and had their houses raided and computer systems examined, the public prosecutor's spokesman Detlev Dyballa was reported as saying: "I cannot rule out that these include the person who has tipped off Microsoft about the author of Sasser."
The person suspected of informing Microsoft has been reportedly named only as "Marle B". Dyballa refused to give more detailed information as the investigation continues.
Microsoft spokesman Thomas Baumgärtner has said that the software giant will not hand out a reward to those involved in the crime: "If they were involved in the Sasser case, they won't get anything".
"Mystery continues to surround the identity of the Sasser informants, and security experts have publicly speculated that maybe they are involved in the computer underground," said Graham Cluley, senior technology consultant for Sophos. "If Sven Jaschan's identity as the author of Sasser was revealed by one of his fellow students then it's possible there was a violent disagreement between those engaged in spreading the viruses."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.