Eurotennisfan
May 8th, 2004, 04:29 PM
Teen 'confesses' to Sasser worm
An 18-year-old German high school student has admitted creating the Sasser internet worm, police say.
The worm spread through an estimated 18 million computers across the world last week, continually shutting down and rebooting them.
The teenager was arrested on Friday in the town of Rotenburg in northern Germany, and has now been released.
Investigators seized a number of computers and disks from his home. It is understood he was working alone.
The teenager's identity has not been released, though the German weekly Der Spiegel reported that the CIA and FBI had joined the search for a suspect known as Sven J.
Different versions
"He made a confession and the experts at Microsoft have now confirmed that he was the cause of this worm," said police spokesman Frank Federau.
German prosecutors have scheduled a news conference for later on Saturday.
The BBC's Tristana Moore in Berlin says police are acting on the theory that the student was acting alone, not as part of a wider network.
The official German IT security agency said there were four versions of Sasser, and it was not clear if the suspect was behind all of them.
"The first version was amateurish," spokesman Michael Dickopf said.
VICTIMS OF SASSER
Hospitals in Hong Kong
Taiwanese post offices
British Airways check-in desks
British coastguards
Railways in Australia
However, the others "were clearly different in the damage they caused".
The Sasser worm quickly spread worldwide after its first appearance on 1 May.
Some businesses were forced to shut temporarily so they could clear their systems and update anti-virus protection.
Hospitals, banks, airlines, government agencies and many home users were affected.
But computer security experts have raised the possibility that Sasser may be connected to a previous virus called Netsky.
A police spokesman said he could not confirm whether the student was being investigated over Netsky, but experts said if there was a link, it could mark a breakthrough.
"The police may just have cracked the Netsky gang with this arrest. The whole ring may be broken wide open," said Graham Cluley, of British-based security firm Sophos.
The Sasser worm attacks recent versions of Microsoft's Windows operating systems - Windows 2000, Windows Server 2003 and Windows XP.
Unlike most outbreaks, it does not require a computer user to open a file in order to be activated - it can invade a machine directly via the internet.
Experts say it apparently does no lasting harm.
But although the worst of the outbreak is over, it is thought the worm will never entirely disappear, and that future versions may be far more damaging
================================================== =======
The worm killed a lot of my school's computers. Is it this easy to make something that can cause so much damage?
An 18-year-old German high school student has admitted creating the Sasser internet worm, police say.
The worm spread through an estimated 18 million computers across the world last week, continually shutting down and rebooting them.
The teenager was arrested on Friday in the town of Rotenburg in northern Germany, and has now been released.
Investigators seized a number of computers and disks from his home. It is understood he was working alone.
The teenager's identity has not been released, though the German weekly Der Spiegel reported that the CIA and FBI had joined the search for a suspect known as Sven J.
Different versions
"He made a confession and the experts at Microsoft have now confirmed that he was the cause of this worm," said police spokesman Frank Federau.
German prosecutors have scheduled a news conference for later on Saturday.
The BBC's Tristana Moore in Berlin says police are acting on the theory that the student was acting alone, not as part of a wider network.
The official German IT security agency said there were four versions of Sasser, and it was not clear if the suspect was behind all of them.
"The first version was amateurish," spokesman Michael Dickopf said.
VICTIMS OF SASSER
Hospitals in Hong Kong
Taiwanese post offices
British Airways check-in desks
British coastguards
Railways in Australia
However, the others "were clearly different in the damage they caused".
The Sasser worm quickly spread worldwide after its first appearance on 1 May.
Some businesses were forced to shut temporarily so they could clear their systems and update anti-virus protection.
Hospitals, banks, airlines, government agencies and many home users were affected.
But computer security experts have raised the possibility that Sasser may be connected to a previous virus called Netsky.
A police spokesman said he could not confirm whether the student was being investigated over Netsky, but experts said if there was a link, it could mark a breakthrough.
"The police may just have cracked the Netsky gang with this arrest. The whole ring may be broken wide open," said Graham Cluley, of British-based security firm Sophos.
The Sasser worm attacks recent versions of Microsoft's Windows operating systems - Windows 2000, Windows Server 2003 and Windows XP.
Unlike most outbreaks, it does not require a computer user to open a file in order to be activated - it can invade a machine directly via the internet.
Experts say it apparently does no lasting harm.
But although the worst of the outbreak is over, it is thought the worm will never entirely disappear, and that future versions may be far more damaging
================================================== =======
The worm killed a lot of my school's computers. Is it this easy to make something that can cause so much damage?