One hot day in August 2003, Peter Fifka sat in a rental car in the Czech city of Brno. He was hunting "Benny," a member of the notorious 29A computer-virus-writing group. Internet searches had turned up a photo of Benny and enough clues to his whereabouts that Mr. Fifka had narrowed down a likely address to a few streets.
Mr. Fifka says he was about to start asking neighbors if they knew the man in the photo when his quarry walked out of a nearby house. Mr. Fifka tailed Benny for the rest of the day, at one point following him into a shop, where he stood next to the suspected virus writer as he bought mineral water and bread.
Mr. Fifka soon tipped off the Czech police, who launched their own probe. Last November, the police raided Benny's home and seized several computers and data-storage files. While he hasn't been charged or arrested, the Czech police say Benny is being investigated in connection with several viruses, marking one of the first times the Czech Republic has tackled a virus-writing case.
Mr. Fifka isn't a cop. He works for Microsoft Corp.'s Internet Safety Enforcement Team. Created in 2002, the group is part of the U.S. software giant's intensifying efforts to combat cyber crime at a time when consumers and businesses are becoming increasingly frustrated with fraud and virus attacks on their personal computers, most of which use Microsoft's Windows operating system.
As Internet crime proliferates, law enforcement is relying more on the private sector to help counter it. That's because tracking cyber criminals requires a different set of skills than police have traditionally used. Compounding the challenge is the speed at which new online threats are morphing.
Microsoft brings huge resources and technical expertise to the table, ranging from decrypting files to analyzing computer code. Through its security team, including Mr. Fifka, the company collaborates with police world-wide. Last month, Microsoft worked with the Federal Bureau of Investigation and authorities in Morocco and Turkey to trace suspects behind the "Mytob" and "Zotob" worms, which recently disrupted computer networks. In less than two weeks, two people were arrested. Microsoft's assistance "was essential," says David Thomas, head of the FBI's computer-intrusion section.
Microsoft's cooperation with law enforcement is unusual. Companies are often reluctant to call in police to solve computer-related crimes, fearing business disruptions and bad publicity if computers are seized. Only about a third of U.S. cyber-crime cases are reported, says the FBI.
Some police departments are wary about Microsoft aggressively pushing its own agenda. Others criticize it for offering cash rewards, arguing that this encourages individuals to report information to Microsoft rather than to police.
The Justice Department says the company doesn't influence its investigations. Microsoft is not "driving law enforcement's priorities," says Christopher Painter, deputy chief of the department's Computer Crime Section.
Microsoft's efforts also haven't stemmed the thousands of new viruses and worms that appear every year, even though arrests of virus writers have increased. In the past 12 months, Microsoft has made about 75 referrals to law enforcement around the world. It has also filed 243 civil actions related to Internet safety threats, such as spam. But Mr. Fifka acknowledges he is often two steps behind the hackers. "The reality is that people will always try to find new ways to commit crimes," he says.
Microsoft has a lot at stake. It potentially stands to lose its reputation and millions of dollars if customers defect to alternative software suppliers. Security experts have criticized the company's software as particularly vulnerable, and say Microsoft has focused on features at the expense of security.
Viruses caused businesses world-wide $17.8 billion in damages last year, including the cost of repairing systems and lost business, estimates Irvine, Calif., research firm Computer Economics. Microsoft's Windows, which dominates PCs with a more-than-95 percent market share, is the company's biggest moneymaker and generated $12.2 billion in revenue for the 12 months ended June 30.
The company created a $5 million bounty fund in 2003 for tips that lead to arrests of virus writers. In July, the company said it would pay its first $250,000 reward to two informants who helped identify the author of a worm known as Sasser, which damaged computer networks world-wide last year. Microsoft is targeting virus writers and others who increasingly use malicious code for financial gain through identity theft, hawking counterfeit goods and other crimes.
Microsoft's Enforcement Team employs 65 people world-wide, including former policemen, lawyers and paralegals. The group, which gets a seven-figure annual budget, has 25 investigators including Mr. Fifka.
Mr. Fifka, 44 years old, began his career as an analytical chemist in his native Slovakia, researching antibiotic drugs. He joined the Slovak national police's forensic unit as a drug specialist in 1987. In 1995, he took a job with Interpol, the international police group based in Lyon, France, where he investigated drug smuggling and human trafficking.
Microsoft hired him in 2001 to combat software counterfeiting. Mr. Fifka's role soon evolved into fighting hackers and virus writers who work with counterfeiters and spammers in Eastern Europe. The region is a cybercrime hotbed, experts say, because of a large pool of technical talent and a dearth of jobs.
Working from Microsoft's Paris office, Mr. Fifka gathers intelligence on suspects and tries to lure them into the real world where police can nab them. He often trawls the Internet for clues to the identities of digital villains, mining discussion forums in different languages. It helps that he speaks six languages, including Russian and Hungarian. "Many people say it is easy to be anonymous" on the Internet, he says. "It's not true."
Many cyber criminals leave digital trails. Emails and Web sites typically carry a unique set of numbers, known as an Internet protocol address, which identifies each computer connected to the Internet. Publicly accessible databases can often provide details about the organization the number is assigned to -- typically an Internet service provider, university or company. Police can then subpoena the organization for the name, address and other details of the person using that computer.
While Mr. Fifka's investigations usually begin in cyberspace, he uses old-school gumshoe tactics to pinpoint a suspect's physical location. He travels around Eastern Europe and Russia, sometimes working with private detectives. Armed with a laptop and a cellphone that rings to the theme tune of the Eddie Murphy movie "Beverly Hills Cop," he says he spends about two-thirds of his time on the road.
Sometimes a lead comes from Microsoft's headquarters, as was the case with Benny in mid-2003. At the time, Microsoft was fending off viruses with names like Slammer and SoBig. In Redmond, Wash., Microsoft's security team was trying to identify virus writers associated with the new threats. After coming across a suspect with the alias Benny, they asked Mr. Fifka to find out more about him.
Over several weeks, Mr. Fifka scanned the Internet and tracked down online postings written by Benny that mentioned Brno, the Czech Republic's second-largest city, and bars he frequented there. That helped Mr. Fifka pinpoint a likely neighborhood.
Mr. Fifka also found an article in Czech on the Internet by someone called Marek Strihavka, who had conducted an interview with a virus writer called Griyo, a member of the 29A group. In some online feedback, someone who had read the interview accused Mr. Strihavka of being Benny.
Mr. Fifka says he then found a Czech book written by Mr. Strihavka titled "Your security and anonymity on the Internet." That cemented his suspicion that Mr. Strihavka and Benny were the same person. Mr. Fifka also found a photo of Mr. Strihavka online from a picture of attendees at an anti-virus conference.
Mr. Fifka flew to Brno in August 2003 and hired a private detective for backup. They rented a car with local license plates so as not to attract attention and drove to the neighborhood where they believed Mr. Strihavka lived. After spotting Mr. Strihavka and tailing him, Mr. Fifka told the Czech police about Benny's identity and virus-writing activities.
Over the next year, the Czech police conducted their own probe. When Czech prosecutors ordered the raid of Mr. Strihavka's house last year, they suspected him of having written the Slammer virus. A spokeswoman for the Czech police says that, after further investigation, Mr. Strihavka doesn't appear to be the author of Slammer, but he is still being investigated in connection with other viruses.
Mr. Strihavka, 23, says via email that he didn't write Slammer. He adds that he has left the 29A group, which is known in cyber-security circles for creating viruses. He admits writing code for other viruses but says he didn't spread them.
Mr. Fifka says it's too early to rule on the case but notes it shows Czech police are paying attention to cyber crime. Stanislav Kovarnik, a Czech policeman on the case, says it is among the country's first investigations of virus writers.
Mr. Fifka says he often juggles 15 to 20 cases at a time. Some of his work involves educating authorities on new virus trends. In 2003, for example, he flew to the United Kingdom to teach police about a worm called Randex, which Scotland Yard and Microsoft suspected was being spread from England.
The Randex worm was part of a new family of viruses known as bots. A bot virus allows people to hijack thousands of far-flung computers and marshal them for a specific task, such as overrunning a Web site with traffic to disable it. The Randex worm was being used to send spam from numerous computers at once.
Mr. Fifka briefed U.K. police on how criminals in Russia and elsewhere used bots to make money, such as through hawking counterfeit goods with spam. He explained how bot-controlled networks of computers could be rented online from cyber criminals and what their going price was -- between a few cents and $1 per machine.
After the suspected Randex worm writer and his computer were seized around January 2004, Microsoft flew technical experts to London to provide forensic expertise. Scotland Yard credits Microsoft with helping to convict a British and a Canadian teenager for releasing the worm. The Canadian teen received a six-month suspended sentence last November. A month later, the British teen got a nine-month suspended sentence, the equivalent of nine months of probation. British and Canadian police wouldn't release their names because they are minors.
Mr. Fifka is also combating traditional crimes like software-counterfeiting, which are increasingly migrating to the Internet. In one of his cases last year, Microsoft was alerted by two German consumers that an outfit called SoftHome Trading International was selling suspicious copies of Windows on online auction site eBay Inc.
After some colleagues in Germany purchased the software and ascertained it was fake, Mr. Fifka was assigned to track down the counterfeiters. The envelopes in which the software was mailed and payment details of the transaction yielded clues: two Latvian names, a Latvian address and a German bank account. An eBay search showed Mr. Fifka the scale of the operation. SoftHome's publicly accessible transaction history displayed at least 800 messages from customers giving feedback on their dealings with SoftHome.
Building on Mr. Fifka's work, Microsoft and eBay provided information to help Latvian police trace the suspected counterfeiters. SoftHome, it turned out, had made more than 3,000 sales of counterfeit Microsoft software since 2001, according to people familiar with the matter. Selling counterfeit discs for between around $55 and $150, the operation earned some $250,000 from illicit sales, these people said.
In May, the Latvian police raided an apartment in Riga that they suspected was connected to SoftHome. They found more than 250 discs of real and counterfeit Microsoft software, as well as fake product manuals, packaging materials and holograms. Two men, identified as Aleksandrs R. and Jurijs V., were arrested. They are being detained but haven't been charged. As is Latvian custom, authorities would only provide the first initials of the men's last names.
Latvian police say counterfeiting is a criminal offense with penalties ranging from a $10,800 fine to two years in prison. SoftHome sales via eBay may have cost Microsoft as much as $1 million in lost revenue, the company says. Because sellers often meet customers through eBay but then conduct transactions outside of the Web site, counterfeit sales on eBay typically account for a fraction of the total, Microsoft says.