- The Washington Times - Saturday, May 8, 2004

HANOVER, Germany — A German high-school student has confessed to creating the “Sasser” worm that generated chaos across the globe by infecting hundreds of thousands of computers, authorities said yesterday.

The teenager, whose name was not released, was arrested Friday in the northern village of Waffensen, where he lives with his family. In a search of the suspect’s home, investigators confiscated his customized computer, which contained the worm’s source code.

“As a result of the student’s detailed testimony about the viruses he spread, he has been identified clearly as the author,” the state criminal office in Hanover said. Spokesman Detlef Ehrike said the boy is being investigated on suspicion of computer sabotage, which carries a maximum sentence of five years in prison.

After being questioned, the teenager was released pending charges.

The worm raced around the world over the past week, exploiting a flaw in Microsoft’s Windows operating system.

Microsoft said informants contacted it on Wednesday, offering information about the worm’s creator. The company’s investigators worked with German authorities, the FBI and Secret Service agents, tracing the virus by analyzing its source code, said Brad Smith, Microsoft’s top lawyer.

Unlike many infections, Sasser does not require users to activate it by clicking on an e-mail attachment. Once inside, the worm scans the Internet for others to attack, causing some computers to continually crash and reboot.

The teenager told officials that his original intention was to create a virus called “Netsky A” that would combat the “Mydoom” and “Bagle” viruses, removing them from infected computers. In the course of that effort, he developed Sasser.

On Monday, the worm hit public hospitals in Hong Kong and one-third of Taiwan’s post office branches. Twenty British Airways flights were each delayed about 10 minutes Tuesday due to Sasser troubles at check-in desks. British coast guard stations were forced to use pen and paper for charts normally generated by computer.

Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.

The German government’s information technology security agency said there were four versions of Sasser.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide