Sasser worm suspect confesses to German
police
News Story by James Mackenzie, Computerworld
MAY 08, 2004 (REUTERS) - German police have arrested an
18-year-old man who confessed to creating the "Sasser"
computer worm, believed to be one of the costliest Internet
attacks. In what police called the largest case of its kind, the
computer science student was arrested on yesterday after software
giant Microsoft gave German authorities a tip-off, police said.
"We are absolutely certain that this really is the creator
of the Internet worm because Microsoft experts were involved in
the inquiry and confirmed our suspicions and because the suspect
admitted to it," said Frank Federau from Lower Saxony police.
Microsoft, the FBI and German police had worked together to
find the suspect.
Police described the suspect as a highly intelligent
"computer freak" living with his parents.
They said the man, who they declined to name, studied computer
science at a vocational school and he got his "passion for
programing" from his family's computer services business.
It was the lure of cash that proved the man's undoing. A group
of individuals from his home state of Lower Saxony approached
Microsoft on Wednesday inquiring about reward money should they
turn in the man, Microsoft said.
The firm has put bounties of up to $250,000 on the heads of
other notorious virus writers. Microsoft general counsel Brad
Smith told reporters the company agreed to pay the informants if
there is a conviction.
Ruediger Butte, head of the State Crime Office in Lower Saxony,
said Microsoft contacted German police yesterday. Police arrested
the man the same day near the central German town of Rotenburg and
he confessed during the afternoon.
He was later set free because there was no evidence to suggest
he was a repeat offender, police said.
Police believed he created all variants of the Sasser worm, a
destructive program that has claimed big scalps, such as Germany's
Deutsche Post and Britain's coastguard stations.
Heiner Wilhelm from Lower Saxony police said the suspect was
not aware of the extent of the damage he had caused. "He had
become worried about the impact but he hadn't reckoned on our
turning up," he told a news conference in Hanover.
When police went to the man's house they found a home-built
computer which contained the source code used to run Sasser.
State prosecutors said the man could be tried in a youth court
because he turned 18 only on April 29 and was possibly a minor
when he committed the crime of "computer sabotage."
The crime carries a maximum sentence of five years'
imprisonment if tried in adult court, but state prosecutor Helmut
Trentmann said he could not specify the maximum penalty the
suspect could get. Police said it appeared the man acted alone but
communicated with other programers. He told officers he wanted to
create an anti-virus to other viruses like Mydoom and Bagle.
The man said he created the worm Netsky to fight the viruses
but encouraged by all his friends he developed it further and
Sasser was created as a modification of Netsky, police said.
Since appearing a week ago, Sasser has wreaked havoc on
personal computers running on the ubiquitous Microsoft Windows
2000, NT and XP operating systems, but is expected to slow down as
computer users download anti-virus patches.
From the outset, Sasser baffled security experts. Unlike the
most recent digital outbreaks, Sasser was programed simply to
spread and knock out computer networks, not take over machines and
possibly steal information stored on them.
Home users, corporations, and government agencies throughout
Europe, North America and Asia have been hit. Once infected, the
vulnerable PC reboots without warning as the compact program hunts
for more machines to infiltrate.
