London man charged with making virus

[InfoSec News <isn () c4i org>]

http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20020919/gttorn/Technology/techBN/

Reuters News Agency
September 19, 2002

London - Police arrested a 21-year-old man suspected of writing the
malicious "T0rn" virus that attacked Linux computer systems, the
culmination of a year-long joint investigation involving British and
U.S. authorities.

A spokesman for Scotland Yard told Reuters Thursday that officers from
its Computer Crime Unit working with the FBI arrested the man Tuesday
at his home in Surbiton, southwest of London, as part of an
investigation into the writing and distributing of the bug.

"Computer equipment was seized from a residential property and a
21-year-old man was arrested under the Computer Misuse Act 1990," he
said, adding that the man was released on bail pending further police
investigation.

The arrest of virus writers is a rare victory for law enforcement, and
police have hailed this case as an important step in the war against
cyber crime.

Police would not immediately identify the man or release further
details.

T0rn, which later was modified by a Chinese virus-writing group to
create another worm known as Lion, circulated in the digital wild for
much of 2001, but did relatively little harm.

Computer security experts consider T0rn to be the first Trojan
horse-style virus — meaning it masquerades as legitimate software —
written expressly to harm Linux users.

T0rn was not as menacing as the Code Red, Sircam and Nimda worms and
viruses, which caused hundreds of millions of dollars in damage to
corporate computer networks worldwide last year.

T0rn targeted computer users with Linux-based software systems, a much
smaller segment of the computing market.

"As far as I recall, it never appeared on any of our top-10 most
active virus lists," said Graham Cluley, senior technical consultant
with the British antivirus software maker Sophos.

Nevertheless, the law-enforcement and computer security communities
regard the arrest as significant.

A combination of factors, including the lack of computer security laws
in most countries, inexperienced police units, plus an unwillingness
to get corporate victims to co-operate with investigations, has
resulted in few successful prosecutions — though more arrests have
been logged of late.

In Britain, the virus writer is something of a dying breed. "It isn't
completely dead, but we're not seeing much of it," Mr. Cluley said,
adding that most forms of malicious code typically are written in the
relatively lax legal regimes of South America, Southeast Asia and the
Philippines.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.