Sasser Worm Suspect Confesses to German Police

Sat May 8, 2004 11:40 AM ET

By James Mackenzie

HANOVER, Germany (Reuters) - German police have arrested an 18-year-old man suspected of creating the "Sasser" computer worm, believed to be one of the Internet's most costly outbreaks of sabotage.

Spokesman Frank Federau for Lower Saxony police said the man was arrested on Friday after software giant Microsoft gave police a tip-off on the source of the destructive worm.

Microsoft itself had previously received anonymous tip-offs on the worm's creators, Federau said.

"We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it," he told Reuters in an interview. Microsoft, the U.S. Federal Bureau of Investigation (FBI) and German police had all worked together to find the suspect, Federau said.

Federau said the man, who he described as a highly intelligent "computer freak" living with his parents, was arrested on Friday near the central German town of Rotenburg but was later released.

Police said it appeared the arrested man acted alone and there were no other suspects. The arrested man is suspected of "computer sabotage," a charge carrying up to five years imprisonment in Germany.

HIGHLY INTELLIGENT COMPUTER FREAK

Since appearing a week ago, Sasser has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches.

The computing underground responsible for hatching worms and viruses has proved a difficult ring to crack for law enforcement.

"Hopefully this arrest will limit their activities," said Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure. "If we can start catching these guys it will certainly put more pressure on existing virus writers."

A separate arrest in Southern Germany pointed to the inter-connected nature of Internet worms.

Police in the southern state of Baden-Wuerttemberg said they had arrested a 21 year-old unemployed man who confessed to programing the Internet worm "Agobot" which was later renamed as "Phatbot."

A spokesman for the State Police Office in Stuttgart said the man had used Sasser to transport Phatbot but there were no indications he was connected to the Sasser suspect.

From the outset, Sasser baffled security experts. Unlike the most recent digital outbreaks, Sasser was programed simply to spread and knock out computer networks, not take over machines and possibly steal information stored on them.

Home users, corporations, and government agencies throughout Europe, North America and Asia have been hit. Once infected, the vulnerable PC reboots without warning as the compact program hunts for more machines to infiltrate.

The economic toll of Sasser may never be known, but it has claimed some big scalps, including Germany's Deutsche Post, Britain's coastguard stations and investment bank Goldman Sachs. (Additional reporting by Bernhard Warner in London)