Microsoft bounty snares second virus writer

Microsoft confirmed on Monday that German authorities had arrested a man suspected of writing and releasing a program widely used to compromise and surreptitiously control computers on the internet.

The program, known as Agobot, has caused concern among many security experts because it allows a single individual to control a vast network of computers, potentially as a means to attack internet sites. The coder was captured on Friday, the same day that an 18-year-old man, also a resident of Germany, was arrested for creating all five versions of the Sasser worm.

While Microsoft aided in both cases, the two investigations were separate, said Hemanshu Nigam, a corporate attorney for the software giant.

"Two different paths led to two different cases which resulted in arrests around the same time," he said. The investigation into the identity of Agobot's author is ongoing, and there could be more arrests, said Nigam, who would not elaborate. Other suspects were arrested in the Agobot case, according to press reports but Nigam would not confirm the arrests.

The two arrests possibly put into custody the creators of the two largest threats on the internet -the Sasser worm and the widespread Agobot - and represent a big win for the software giant's efforts to dissuade attacks on its customers. The suspected author of the Sasser worm has also claimed to have written all 28 variants of the mass-mailing computer worm known as Netsky, another program that has plagued Microsoft Windows users, said Nigam.

Though Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, a group of informants approached the software giant's German office last Wednesday and inquired about whether such a cash award would be paid.

Microsoft promised it would be and believes that the informants aren't otherwise involved in the case.

"We are comfortable" with their story, said Nigam.

The arrest of the alleged creator of Agobot didn't come from informants, he added, but from other, unspecified, leads. Moreover, contrary to what some press reports had to say, Nigam did not believe that the person penned a variant of Agobot known as Phatbot. That program adds peer-to-peer capabilities to the original program.

Nigam also refuted press reports that the latest variant of Sasser, Sasser.E, came out after the 18-year-old German resident was arrested. The suspected Sasser author apparently confessed to releasing a fifth version of the worm a week ago.

Robert Lemos writes for CNET News.com