Hopes High Sasser Author Arrest Ends 'Worm War'

Analysts are hoping that last Friday's arrest of the alleged author of the virulent Sasser worm will put an end to the 'worm war' that has been hammering anti-virus vendors and IT shops for the past several months.

Sven Jaschan, an 18-year-old German, was picked up in Rotenburg, North Germany by authorities on Friday, May 7, and allegedly admitted to being the author of the fast-spreading Sasser worm, according to Reuters news service. Authorities say Jaschan may have been trying to drum up business for his mother, who runs a small computer maintenance business.

Analysts estimate that the Sasser family of worms attacked tens of millions of computers around the world.

But security analysts say this one arrest may have broader implications.

Graham Cluley, a senior technology consultant for Sophos Inc., an anti-virus and anti-spam company based in Lynnfield, Mass., says virus experts believe the person or group behind the Sasser worm family also may be responsible for the highly damaging Netsky worms, which have been battering the Internet for most of the year. And that economic damage was multiplied when the Netsky author got embroiled in a digital battle with the Bagle worm author or authors.

One Netsky worm, once it compromised a machine, would actually wipe out any Bagle infection. And three Netsky variants contained messages inside their coding, sniping at the authors of Bagle and MyDoom. One message read, ''We kill malware writers. They have no chance.''

The Bagle authors quickly struck back, including their own messages, many of them R-rated at the minimum, in several variants. One message reads in part, ''Hey Netsky... Don't ruin our business. Wanna start a war?''

The war of words soon turned into a battle of one-upmanship, with each hacker releasing one worm variant after another. Soon, anti-virus vendors and IT and security administrators were swamped with simply keeping up with the barrage of Netsky and Bagle worms that were coming at them.

''Our hope is that this worm war will be over now,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''We want to get back to work on other things than Bagle and Netsky variants... If this kid authored both Sasser and Netsky, it might be over.''

Cluley agrees.

''If you scrutinize the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm,'' Cluley says in a written statement. ''If this is the case, this could be one of the most significant cybercrime arrests of all time.

''All of these worms have been highly disruptive and complex, suggesting that the author isn't working alone,'' he adds. ''Seizing this man's computers could provide the vital clues which will bring down the infamous 'Skynet' virus-writing gang. We would not be surprised if more arrests follow in due course.''

Dunham points out that previous hacker arrests have led to further arrests in the underground community. He points to the 1999 arrest of David Smith, who pleaded guilty and was sentenced for creating and disseminating the Melissa virus, which was one of the most damaging viruses of its time. Dunham says Smith later worked for the FBI, collecting information about other virus writers.

''Jaschan may have information about lots of people,'' says Dunham. ''Virus writers share code and exploits, and get information from one another. They chat with people and get help. My guess is that authorities will try to get information on others.''

Reuters reports that Jaschan, who has only allegedly admitted to authoring Sasser at this point, faces charges of computer sabotage, which carry a maximum of five years in prison. The actual punishment could be less because Jaschan, who turned 18 in late April, was 17 when the worm was first released into the wild.