Author of Sasser, Netsky Worms Indicted

In an expected move following his arrest and confession earlier this year, an 18-year-old German student has been indicted on computer crimes for his work writing and releasing the Sasser and Netsky worms.

Sven Jaschan, who was turned in by a peer who sought a US$250,000 reward from Microsoft, was arrested last May when he admitted to making Sasser as an effort to eradicate two other prominent viruses: Bagle and MyDoom.

Jaschan later conceded that he had also worked to create multiple variants of the Netsky worm, which contributed to a “worm war” among other virus writers that involved dueling variants, a battle of words and a sometimes slowed Internet clogged by the self-spreading malicious software.

Facing Five Years

Jaschan, who faces a maximum of five years imprisonment under German law, fits the teenage profile of a typical virus writer, but does not appear to have been driven by traditional motivators such as notoriety or profit.

Instead, according to an interview in the German magazine Stern, Jaschan is portrayed as a curious young man with good intentions and bad results.

What might be most troubling to virus fighters is Jaschan’s reportedly limited experience, which began only a few months before his malware crashed thousands of machines around the world.

“What’s troubling is you can’t profile the next virus writer,” Richard Stiennon, Webroot vice president of threat research, told TechNewsWorld. “There’s a multitude of motivations, so it’s going to be really hard to figure out who’s next.”

Curiosity Causes Damage

German officials are reportedly working with local governments and media companies to press charges against Jaschan, who is accused of causing at least $150,000 in damage.

The Sasser worm tore through a Windows vulnerability in April and — despite the release of a patch from Microsoft — many systems fell victim to the worm because they had not been updated.

Jaschan also highlighted a newer trend in virus writing when he worked on the Netsky virus, which did not rely on e-mail to infect machines. “Obviously, he did a lot of damage,” Stiennon said. “Netsky, in particular, was harvesting machines. Now there seems to be a big scramble to assemble the biggest army [of compromised computers].”

Scene of the Variant

Stiennon said that despite a lack of international cooperation and the difficulty of tracking down a virus writer, Jaschan might have been caught because of his continued work on worms and variants.

“Any time you do something criminal, the more times you return to the scene of the crime, the more likely you are to get caught,” Stiennon said.

The security analyst added that while few companies other than Microsoft are encouraging prosecution of worm writers and law enforcement is limited somewhat by locality, Jaschan’s arrest illustrates that virus writers can be caught.

“The lesson learned is these guys are catchable and there should be investments made in tracking them down,” Stiennon said.

Ken Dunham, iDefense malicious code intelligence manager, told TechNewsWorld that there are a relatively small number of virus writers responsible for the year’s worst worms, which included Sasser and Netsky.

Dunham said that the number and impact of variants have grown as virus writers release more than one variant at a time to overwhelm antivirus defenses.

Dunham said that virus writers are also advancing their “families” of viruses with variants to compete with each other, as occurred in this spring’s worm war that apparently included Jaschan’s participation.
