Advertisment

Teenage author of Sasser captured

author-image
CIOL Bureau
Updated On
New Update

Kerstin Doerr

Advertisment

HANOVER: German police have arrested an 18-year-old man suspected of creating the "Sasser" computer worm, believed to be one of the Internet's most costly outbreaks of sabotage.

Spokesman Frank Federau for Lower Saxony police said the man was arrested on Friday and he admitted to programming the worm but they did not know if he had created all the versions of it.

"He made a confession and the experts at Microsoft have now confirmed that he was the cause of this worm," said Federau. He said he did not have any details of how the suspect was found.

Advertisment

Surprised at the rapid developments, security experts said this could be the single biggest arrest yet in bringing down a virus-writing gang.

Federau said that the schoolboy, who lived with his parents near the central German town of Rotenburg, did not have any links with organised crime. But the spokesman could not confirm if the suspect had ties to other worm programmers.

All the teenager's computers were confiscated by police but the suspect himself was not in custody, Federau said.

Advertisment

Sasser, a tenacious computer worm, is expected to infect millions of machines before it runs its course.

Since appearing a week ago, it has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches.

The computing underground responsible for hatching worms and viruses has proved a difficult ring to crack for law enforcement.

Advertisment

"Hopefully this arrest will limit their activities," said Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure. "If we can start catching these guys it will certainly put more pressure on existing virus writers."

BIGGEST ARREST YET?

From the outset, Sasser baffled security experts. Unlike the most recent digital outbreaks, Sasser was programmed simply to spread and knock out computer networks, not take over machines and possibly steal the information stored on them.

Advertisment

The prevailing theory was the same gang behind the prevalent two-month-old Netsky virus wrote Sasser. German newsmagazine Der Spiegel said the German schoolboy was also suspected of creating a variant of the Netsky virus.

The police spokesman said he could not confirm that and said police were still investigating the suspect's links to a Netsky variant.

Pieces of code found in a recent version of Netsky made references to Sasser. Typically, such clues generate the biggest leads for authorities in hunting down culprits.

Advertisment

Previous versions of Netsky, for example, were programmed to attack the Web site for an education server in the German state of Lower Saxony where the German suspect lived, security officials point out.



If the Sasser author is part of the Netsky group, which calls itself the "Skynet anti-virus group" this could be the most important arrest yet in cracking virus-writing crime.

"The police may just have cracked the Netsky gang with this arrest. The whole ring may be broken wide open," said Graham Cluley, senior technology consultant at Sophos Plc, a British-based security outfit.



Home users, corporations, and government agencies throughout Europe, North America and Asia have been hit. Once infected, the vulnerable PC reboots without warning as the compact program hunts for more machines to infiltrate.

The economic toll of Sasser may never be known, but it has claimed some big scalps, including Germany's Deutsche Post and Britain's coastguard stations and investment bank Goldman Sachs.

(Additional reporting by Bernhard Warner in London)



© Reuters

tech-news