Friday, September 24, 2021

Hopes High Sasser Author Arrest Ends ‘Worm War’

Analysts are hoping that last Friday’s arrest of the alleged author of the virulent Sasser

worm will put an end to the ‘worm war’ that has been hammering anti-virus vendors and IT

shops for the past several months.

Sven Jaschan, an 18-year-old German, was picked up in Rotenburg, North Germany by

authorities on Friday, May 7, and allegedly admitted to being the author of the

fast-spreading Sasser worm, according to Reuters news service. Authorities say Jaschan may

have been trying to drum up business for his mother, who runs a small computer maintenance

business.

Analysts estimate that the Sasser family of worms attacked tens of millions of computers

around the world.

But security analysts say this one arrest may have broader implications.

Graham Cluley, a senior technology consultant for Sophos Inc., an anti-virus and anti-spam

company based in Lynnfield, Mass., says virus experts believe the person or group behind

the Sasser worm family also may be responsible for the highly damaging Netsky worms, which

have been battering the Internet for most of the year. And that economic damage was

multiplied when the Netsky author got embroiled in a digital battle with the Bagle worm

author or authors.

One Netsky worm, once it compromised a machine, would actually wipe out any Bagle

infection. And three Netsky variants contained messages inside its coding, sniping at the

authors of Bagle and MyDoom. One message read, ”We kill malware writers. They have no

chance.”

The Bagle authors quickly struck back, including their own messages, many of them R-rated

at the minimum, in several variants. One message reads in part, ”Hey Netsky… Don’t ruin

our business. Wanna start a war?”

The war of words soon turned into a battle of one-ups-manship with each hacker releasing

one worm variant after another. Soon, anti-virus vendors and IT and security administrators

were swamped with simply keeping up with the barrage of Netsky and Bagle worms that were

coming at them.

”Our hope is that this worm war will be over now,” says Ken Dunham, director of malicious

code at iDefense, Inc., a security intelligence company based in Reston, Va. ”We want to

get back to work on other things than Bagle and Netsky variants… If this kid authored

both Sasser and Netsky, it might be over.”

Cluley agrees.

”If you scrutinize the most recent Netsky worm, you can see that the author embedded a

taunt to anti-virus companies, bragging that he also wrote the Sasser worm,” Cluley says

in a written statement. ”If this is the case, this could be one of the most significant

cybercrime arrests of all time.

”All of these worms have been highly disruptive and complex, suggesting that the author

isn’t working alone,” he adds. ”Seizing this man’s computers could provide the vital

clues which will bring down the infamous ‘Skynet’ virus-writing gang. We would not be

surprised if more arrests follow in due course.”

Dunham points out that previous hacker arrests have led to further arrests in the

underground community. He points to the 1999 arrest of David Smith who plead guilty and was

sentenced for creating and disseminating the Melissa virus, which was one of the most

damaging viruses of its time. Dunham says Smith later worked for the FBI, collecting

information about other virus writers.

”Jaschan may have information about lots of people,” says Dunham. ”Virus writers share

code and exploits, and get information from one another. They chat with people and get

help. My guess is that authorities will try to get information on others.”

Reuters reports that Jaschan, who has only allegedly admitted to authoring Sasser at this

point, faces charges of computer sabotage, which carry a maximum of five years in prison.

The actual punishment could be less because Jaschon, who turned 18 in late April, was 17

when the worm was first released into the wild.

Similar articles

Latest Articles