Hunting down virus writers needs a new approach, according to experts

Virus bounties no longer effective

Wild West methods increasingly irrelevant, say security experts

Tom Sanders in California

Paying bounties to track down and prosecute writers of computer worms no longer works, according to security experts at Symantec.

Microsoft has stated, however, that it expects to continue the reward programme that helped to convict Sven Jaschan, the author of Sasser and Netsky.

Symantec believes that the shift is a result of the changing hacking landscape. Worms and viruses are increasingly used for identity theft or to create zombie PCs used to launch distributed denial of service attacks or send spam.

Microsoft recently paid $250,000 to two individuals for information that led to the arrest and conviction of Jaschan. The German teenager wrote the Sasser and Netsky worms that caused billions of dollars' worth of damage worldwide.

The reward was considered instrumental in Jaschan's arrest. Microsoft launched the programme in 2003 and Jaschan's was the first case closed as a result of the initiative.

Microsoft offered three additional rewards in November last year for large-scale worms including Sober, and the bounties proved helpful in gathering information, according to Lou Gellos, a spokesman for Microsoft's online safety programme.

"The reward programme has dramatically increased the flow of information to law enforcement agencies," Gellos told vnunet.com.

But the number of large-scale worm outbreaks that qualify for a reward is rapidly decreasing. Jaschan's case was considered child's play that got out of hand, and he was eventually turned in by two friends who decided to cash in on Microsoft's reward.

Today's biggest internet threats do not come from Sasser-like worms, however. The number of so-called 'category 3' internet threats like Sasser is declining, according to data from Symantec.

David Cole, director of product management for Symantec Security Response, explained that only three security threats have qualified this year, compared with 43 in 2004.

"It is calming down from a perspective of very large threats. But we are seeing a large increase in the number of variants and small tweaks and adjustments in worms," he told vnunet.com.

The shift is caused by a hacking scene that has turned professional, according to Cole. "There used to be a lot more cyber-vandalism; now we are seeing genuine crime," he said.

Criminals today will pay up to $100 for identity data, depending on the richness and completeness of the information. Combinations of social security number, credit card number and home address are considered more valuable than just a credit card number.

Today's botnets comprise a few thousand PCs and are rented out for several hundred dollars a week.

As a result, the quality of a computer worm has become more important than the number of systems it infects. And virus writers are making small adjustments to existing malware in an effort to slip past virus filtering software.

Cole expects that the decline in large-scale worm outbreaks is permanent and that hackers will continue to use sophisticated small-scale attacks.

This will make it more difficult to pick worms that justify putting a bounty on the author's head, according to Cole.

"We are moving out of the Wild West mode where we put bounties on people's heads, to a more traditional law enforcement model that mimics what we have outside cyber-space," he said.

While Gellos acknowledged that cyber-crime has become more professional and harder to track, he maintained that Microsoft's reward programme can help in tracking down worm authors.

"Maybe the prime source of information on the perpetrators is someone close to them," he said. "Then the reward programme becomes an incentive and a deterrent at the same time."
