Hopes High Sasser Author Arrest Ends 'Worm War'
Analysts are hoping that last Friday's arrest of the alleged author of the virulent Sasser worm will put an end to the 'worm war' that has been hammering anti-virus vendors and IT shops for the past several months.
Sven Jaschan, an 18-year-old German, was picked up in Rotenburg, North Germany by authorities on Friday, May 7, and allegedly admitted to being the author of the fast-spreading Sasser worm, according to Reuters news service. Authorities say Jaschan may have been trying to drum up business for his mother, who runs a small computer maintenance business.
Analysts estimate that the Sasser family of worms attacked tens of millions of computers around the world.
But security analysts say this one arrest may have broader implications.
One Netsky worm, once it compromised a machine, would actually wipe out any Bagle infection. And three Netsky variants contained messages inside its coding, sniping at the authors of Bagle and MyDoom. One message read, ''We kill malware writers. They have no chance.''
The Bagle authors quickly struck back, including their own messages, many of them R-rated at the minimum, in several variants. One message reads in part, ''Hey Netsky... Don't ruin our business. Wanna start a war?''
The war of words soon turned into a battle of one-ups-manship with each hacker releasing one worm variant after another. Soon, anti-virus vendors and IT and security administrators were swamped with simply keeping up with the barrage of Netsky and Bagle worms that were coming at them.
''Our hope is that this worm war will be over now,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''We want to get back to work on other things than Bagle and Netsky variants... If this kid authored both Sasser and Netsky, it might be over.''
''If you scrutinize the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm,'' Cluley says in a written statement. ''If this is the case, this could be one of the most significant cybercrime arrests of all time.
''All of these worms have been highly disruptive and complex, suggesting that the author isn't working alone,'' he adds. ''Seizing this man's computers could provide the vital clues which will bring down the infamous 'Skynet' virus-writing gang. We would not be surprised if more arrests follow in due course.''
Dunham points out that previous hacker arrests have led to further arrests in the underground community. He points to the 1999 arrest of David Smith who plead guilty and was sentenced for creating and disseminating the Melissa virus, which was one of the most damaging viruses of its time. Dunham says Smith later worked for the FBI, collecting information about other virus writers.
''Jaschan may have information about lots of people,'' says Dunham. ''Virus writers share code and exploits, and get information from one another. They chat with people and get help. My guess is that authorities will try to get information on others.''
Reuters reports that Jaschan, who has only allegedly admitted to authoring Sasser at this point, faces charges of computer sabotage, which carry a maximum of five years in prison. The actual punishment could be less because Jaschon, who turned 18 in late April, was 17 when the worm was first released into the wild.