10 May 2004 The incentive of a reward from Microsoft appears to have led to the capture of the author of the Sasser worm, which caused havoc when it was released on to the Internet earlier this month.
Police say an unnamed 18-year-old student from a small town in Lower Saxony, Germany, has admitted responsibility for the Sasser worm.
The student, say German police, claimed to have created the virus after being egged on by friends. He says he did not realise the damage it would cause. It is understood that he has already sold the rights to his story.
The student, who was still 17 when he wrote the virus, has been released from custody but faces possible charges of computer sabotage, a crime that carries a maximum sentence of five years in prison. The fact that he was still a juvenile may be a factor, however.
His arrest on 8 May followed a tip-off days earlier from people described as his “acquaintances”. They are believed to have agreed to provide a name after seeking assurances from the software company that they would be in line for a reward.
In November 2003, Microsoft launched a $5 million reward fund for information leading to the conviction of authors of the most serious viruses to target Windows computers.
Helmut Trentmann of the state prosecutors office told the Reuters news agency that the youth’s interest in programming was stimulated by his family’s small computer business. Friends and neighbours were quoted in German media reports describing the student as shy and introverted.
“He was involved in a group of fellow students and he exchanged ideas with students but as far as we know he did the coding work alone,” Trentmann said. “How far others may have acted with him has yet to be seen.”
Some reports have claimed there might be a connection between the Sasser author and the infamous ‘Skynet’ team of virus writers, although police have played this down.
However, one day before the capture of the Sasser writer, police arrested a number of suspected virus writers in the German/Swiss border town of Loerrach. It is unclear if they form part of the Skynet group. One of those arrested, an unemployed 21-year-old man, confessed to writing the ‘Phatbot’ and ‘Agobot’ viruses.
The Sasser worm exploits a vulnerability in the Windows operating system causing millions of infected computers to continually shut down and reboot. Unlike most worms, it does not require users to open an attachment to activate it. The Coastguard Service and British Airways were among UK organisations hit.