An 18-year-old German man has confessed to authoring the recent Sasser Internet worm, which is thought to have infected tens of millions of PCs across the world.
Ken Dunham, director of Malicious Code at iDefense, says three arrests were reportedly made in Germany in connection with the Sasser and Phatbot/Gaobot worms, following information passed on to the police by community members. One of those arrested, a computer science student who turned 18 last month, has confessed to authoring the Sasser and Netsky-AC malicious code.
The German police report that the arrest came after a group of people from his home state of Lower Saxony approached Microsoft asking about reward money should they turn in the man. Microsoft has previously put bounties of up to $250 000 on the heads of other notorious virus writers. Microsoft general counsel Brad Smith says the company had agreed to pay the informants if there is a conviction.
The police described the suspect as a highly intelligent "computer freak" living with his parents.
"We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it," says Frank Federau from Lower Saxony police.
The man was later set free because there was no evidence to suggest he was a repeat offender, police said.
Anti-virus firm Sophos says more arrests could follow, since there appear to be links between the Sasser worm and the many Netsky worm variants that infested PCs in recent months.
"The Sasser worm has been bombarding vulnerable computer systems with the most significant virus attack of 2004 since it first emerged a week ago," says Brett Myroff, CEO of local Sophos distributor, Netxactics.
"Seizing this man`s computers could provide the vital clues which may break open the underground worm-writing network which has been responsible for not only Sasser, but the Netsky worms too."
"If you scrutinise the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm. If this is the case, this could be one of the most significant cybercrime arrests of all time," adds Myroff.
"All these worms have been highly disruptive and complex, suggesting that the author isn`t working alone. Seizing this man`s computers could provide the vital clues which will bring down the infamous `Skynet` virus-writing gang. We would not be surprised if more arrests may follow in due course," says Myroff.
Congratulating law enforcement and international authorities on the arrests, Dunham says: "These arrests will hopefully curb the never-ending worm war of 2004. I don`t believe that the authorities have been able to nab all the bad guys in this worm war, but this is a great start."
Myroff adds: "The arrest of the suspected author of the Sasser virus is encouraging, but more important is the sentence this person receives if found guilty. A long prison term will be the only way to have these arrests act as any sort of deterrent to other virus writers."
Related stories:
Mutated-Sasser fears
Sasser explosion linked to Netsky
New worm straight from the Net
Share