Windows Sasser worm creator confesses, arrested in Germany

“German police have arrested an 18-year-old man suspected of creating the Sasser computer worm, believed to be one of the Internet’s costliest outbreaks of sabotage. Spokesman Frank Federau for the Lower Saxony police said the man was arrested Friday. Federau said the suspect admitted to programming the worm, but authorities did not know if he had created all the versions of it,” Reuters reports.

“‘He made a confession, and the experts at Microsoft have now confirmed that he was the cause of this worm,’ said Federau. He said he did not have any details of how the suspect was found. Surprised at the rapid developments, security experts said this could be the single biggest arrest yet in bringing down a virus-writing gang,” Reuters reports. “Federau said that the man, who lived with his parents near the central German town of Rotenburg, did not have any links with organized crime. But the spokesman could not confirm if the suspect had ties to other worm programmers.”

“All the teenager’s computers were confiscated by police but the suspect himself was not in custody, Federau said,” Reuters reports. “Since appearing a week ago, Sasser has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download antivirus patches. The computing underground responsible for hatching worms and viruses has proved a difficult ring to crack for law enforcement. ‘Hopefully this arrest will limit their activities,’ said Mikko Hypponen, antivirus research director at Finnish data security firm F-Secure. ‘If we can start catching these guys, it will certainly put more pressure on existing virus writers.'”

Full article here.

Related MacDailyNews articles:
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected – May 04, 2004
Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected – May 04, 2004
Windows Sasser net worm spreading rapidly; Macintosh unaffected – May 03, 2004

42 Comments

  1. I believe itnaanti is right. Viruses or worms as effective as this can’t be created without advanced computing skills. The do-it-yourself, ready-made variety are for beginners.

  2. Arresting one virus programmer won’t solve the bigger issues. I’m constantly amazed by how the media seems to only focus on the creators of viruses and not the actual security risks of using Windows.

  3. This individual may be an evil computer programming genius and mastermind of a secret underworld organization or he may be some misguided Teutonic lad with too much time on his hands. Until the press does its job and provides a history of this person it is all speculation.

    MS will be a laughing stock if it is true that “Sasser Boy” was simply a kid with some programming skills acting alone. I really cannot understand comments that virus writers are part of a criminal organization. Unless these people are extorting money I fail to see how writing a virus generates any profit for the criminal.

  4. Charko: Phatbot source code is public. And it is pretty advanced and configurable. Actually, initially they believed Sasser was the result of using Phatbot, but some sloppy coding in the first version – Sasser.A – responsible for making Windows reboot, made experts conclude that Phatbot was not used after all: it does not generate that crappy code.

  5. This is what is available to kids:

    Phatbot Feature List
    (Many of these features are also present in Agobot)
    Has the ability to polymorph on install in an attempt to evade antivirus signatures as it spreads from system to system
    Checks to see if it is allowed to send mail to AOL, for spamming purposes
    Can steal Windows Product Keys
    Can run an IDENT server on demand
    Starts an FTP server to deliver the trojan binary to exploited hosts – ends the FTP session with the message “221 Goodbye, have a good infection :)”
    Can run a socks, HTTP or HTTPS proxy on demand
    Can start a redirection service for GRE or TCP protocols
    Can scan for and use the following exploits to spread itself to new victims:
    DCOM
    DCOM2
    MyDoom backdoor
    DameWare
    Locator Service (Update: This exploit appears to be non-functional)
    Shares with weak passwords
    WebDav
    WKS – Windows Workstation Service

    Update 2004-04-20 – Newer versions of Agobot and Phatbot have added scanner modules for:
    Bagle virus backdoor
    CPanel resetpass vulnerability
    UPnP (MS01-059)
    MSSQL weak administrator passwords

    Attempts to kill instances of MSBlast, Welchia and Sobig.F
    Can sniff IRC network traffic looking for logins to other botnets and IRC operator passwords
    Can sniff FTP network traffic for usernames and passwords
    Can sniff HTTP network traffic for Paypal cookies
    Contains a list of nearly 600 processes to kill if found on an infected system. Some are antivirus software, others are competing viruses/trojans
    Tests the available bandwidth by posting large amounts of data to selected sites.

    Can steal AOL account logins and passwords
    Can steal CD Keys for several popular games
    Can harvest emails from the web for spam purposes
    Can harvest emails from the local system for spam purposes

  6. This thing is public and available. You wonder why I would not touch Windows with a 100-yard stick?

    An average kid with average (by today’s standards) computer skills can learn Phatbot in a weekend and send his own virus by Sunday night.

  7. Last comment: Phatbot is widely used to create spyware which is not usually detected by the average PC user. Symantec believes the average Windows PC has ~20 spybots installed and doing things as in my above post to the unsuspecting user.

  8. Oh, and do not believe Phatbot is the best of what is available… far from it.
    What is amazing is that virus writers and youngsters like Sasser boy must truly be an infinitesimal part of users, otherwise there would be things like Sasser daily and in double digits rather than once in a while.

  9. hellstudios asked,

    ‘How does one person constitute a gang?’

    Let me – the chief consultant here at the Enderle Group – explain…

    ;)

  10. We should all be so lucky that guys like him keep writing worms. After all it’ll only bring more lost souls back to the light and out of hell >:)

    Also I wonder what they’ll do with the boy now … they can’t seriously think that he’s able to pay back for any of the damage that was done. So from the economic side it’s sorta futile to punish him at all.

  11. cAtraXx,

    Let him ‘choose’ his ‘punishment’ – like they were going to let BG3.

    His ‘choices’ could be – prison or a job at M$ fixing the holes! ;)

  12. Jack A’s comment: “Someone needs to get it into the mass media that there are currently ZERO malicious viruses in the wild for Mac OS X. I mention this to windows users and they always seem amazed. They JUST DON’T KNOW.”

    I’ve tried to send information like this to the local news media and EVERY TIME they refuse to run a story on it, simply because it is complimentary to Apple. When the story on the Virginia Polytech supercomputer came out, I thought that the news media would find this to be an interesting tech story – wrong. None of the local media reported the story even after I sent them all the info they needed. One channel ran what they categorized as a “high tech” story on (of all things), “Bottled water for dogs”!!!

    When the “Night of Panther” release was approaching, I sent the info about it to all the local news media. On Friday night, there were lines extending the length of the shopping mall and it took nearly an hour to get into the Apple store (by the way the event was well worth it). People were walking by with astonished looks on their faces wondering what was happening. Guess what…the news media didn’t think it was worth covering.

    Sad to say, but the news media is REALLY biased against Apple. And with the monopoly they hold on the airwaves, it is tremendously difficult to get the truth out.

  13. To stress my point:

    On Saturday night, Jimmy Kuo, a research fellow with antivirus software maker NAI, […] said that additional laws may be necessary to dissuade virus writers from releasing their programs onto the Internet.

    “We would hope that there could be laws that would prohibit the posting of malicious code,” Kuo said. “Sasser was partially written by some malicious code that was downloaded by the Internet.”

    As I said, average talent, average computing skills. Just a bit of dedication and an average teenager can make Microsoft cry and catch them with their pants down.
    Embarrassing.
