Germans arrest 'Sasser' virus suspect

Click to follow
The Independent Online

The arrest in Germany of two men suspected of writing crippling computer worms may help take down the most prolific virus-writing group ever, security experts said yesterday.

The arrest in Germany of two men suspected of writing crippling computer worms may help take down the most prolific virus-writing group ever, security experts said yesterday.

One, a high-school student suspected of created the Sasser worm, was arrested late on Friday at his parents' home in the Hanoverian town of Waffensen. The other suspect is a 21-year-old. Neither has been identified.

The 18-year-old is reported to have confessed to creating the Sasser worm. He thus conforms to the conventional profile of the virus creator: the lone, late-teenager, sitting quietly in a bedroom in his parents' house tapping out the code with which he hopes to disrupt an unsuspecting world.

Police later said that they had acted on a tip-off from Microsoft, whose Windows software was targeted. The German newsweekly Der Spiegel reported that the CIA and the FBI were involved in the hunt. It identified the worm's creator as "Sven J".

The impact of his creation must have exceeded his wildest hopes. In the past week, Sasser has raced around the world, exploiting a flaw in Windows. It has become one of the internet's most costly acts of sabotage.

On Monday, the worm hit hospitals in Hong Kong, the Brussels headquarters of the European Commission, one-third of Taiwan's post office branches and the French Stock Exchange. In Finland, the Sampo Bank had to close all of its 130 branches for several hours because of Sasser-related problems.

Twenty British Airways flights were delayed on Tuesday owing to trouble at check-in desks, while UK coastguard stations had to revert to pen and paper to compile and apply data to charts normally generated by computer.

The same day, Westpac, a major Australian bank, was hit by Sasser, and, in the US, American Express, Associated Press, two leading universities, and a major hospital were among the victims. Sasser-related problems at Delta Airlines forced the cancellation and delay of some flights.

The German government's information technology security agency said there were four versions of Sasser. A spokesman, Michael Dickopf, said he didn't know whether the arrested teenager was responsible for all of them. "The first version was amateurish," Mr Dickopf said. However, the others "were clearly different in the damage they caused".

The Sasser worm attacks recent versions of Microsoft Windows and from the outset has baffled computer experts. Unlike most recent digital outbreaks, it was not designed to take over machines and, possibly, steal data.

It does not destroy or corrupt data or hard disks, but can slow them down while it uses them as a host to replicate itself and seek out other computers with a security flaw.

Home users are believed to have been particularly hard-hit, partly because they lack firewalls, the software that acts as a line of defence from the outside world.

Computer worms, unlike viruses, are independent of other programs running on a PC and do not, for instance, require users to open an email attachment to be activated.

Comments