Sasser Worm Suspect Confesses to German Police

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Sat, 08 May 2004 08:56:36 -0700
From: Ari Ollikainen <Ari () OLTECO com>
Subject: Sasser Worm Suspect Confesses to German Police
To: Dave Farber <dave () farber net>

Sasser Worm Suspect Confesses to German Police

By James Mackenzie

HANOVER, Germany (Reuters) - German police have arrested an
18-year-old man suspected of creating the "Sasser" computer worm,
believed to be one of the Internet's most costly outbreaks of
sabotage.

Spokesman Frank Federau for Lower Saxony police said the man was
arrested on Friday after software giant Microsoft gave police a
tip-off on the source of the destructive worm.

Microsoft itself had previously received anonymous tip-offs on the
worm's creators, Federau said.

"We are absolutely certain that this really is the creator of the
Internet worm because Microsoft experts were involved in the inquiry
and confirmed our suspicions and because the suspect admitted to it,"
he told Reuters in an interview. Microsoft, the U.S. Federal Bureau
of Investigation (FBI (news - web sites)) and German police had all
worked together to find the suspect, Federau said.

Federau said the man, who he described as a highly intelligent
"computer freak" living with his parents, was arrested on Friday near
the central German town of Rotenburg but was later released.

Police said it appeared the arrested man acted alone and there were
no other suspects. The arrested man is suspected of "computer
sabotage," a charge carrying up to five years imprisonment in Germany.

HIGHLY INTELLIGENT COMPUTER FREAK

Since appearing a week ago, Sasser has wreaked havoc on personal
computers running on the ubiquitous Microsoft Windows 2000 (news -
web sites), NT and XP operating systems, but is expected to slow down
as computer users download anti-virus patches.

The computing underground responsible for hatching worms and viruses
has proved a difficult ring to crack for law enforcement.

"Hopefully this arrest will limit their activities," said Mikko
Hypponen, Anti-Virus Research Director at Finnish data security firm
F-Secure. "If we can start catching these guys it will certainly put
more pressure on existing virus writers."

A separate arrest in Southern Germany pointed to the inter-connected
nature of Internet worms.

Police in the southern state of Baden-Wuerttemberg said they had
arrested a 21 year-old unemployed man who confessed to programing the
Internet worm "Agobot" which was later renamed as "Phatbot."

A spokesman for the State Police Office in Stuttgart said the man had
used Sasser to transport Phatbot but there were no indications he was
connected to the Sasser suspect.

From the outset, Sasser baffled security experts. Unlike the most
recent digital outbreaks, Sasser was programed simply to spread and
knock out computer networks, not take over machines and possibly
steal information stored on them.

Home users, corporations, and government agencies throughout Europe,
North America and Asia have been hit. Once infected, the vulnerable
PC reboots without warning as the compact program hunts for more
machines to infiltrate.

The economic toll of Sasser may never be known, but it has claimed
some big scalps, including Germany's Deutsche Post, Britain's
coastguard stations and investment bank Goldman Sachs. (Additional
reporting by Bernhard Warner in London)


--

 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
 You can't depend on your judgement when your imagination is out of focus. 
                                                          -- Mark Twain.
 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

       OLTECO                    Ari Ollikainen
       P.O. BOX 20088            Networking Architecture & Technology
       Stanford, CA              Ari () OLTECO com
       94309-0088                415.517.3519  

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/