German teenager indicted over Sasser worm

Prosecutors in Verden, Germany, have indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds...

Prosecutors in Verden, Germany, have indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lighting speed over the internet.

In their 77-page indictment, prosecutors charged Sven Jaschan with computer sabotage, data manipulation and disruption of public systems.

Informants, seeking a $250,000 (£140,000) reward from Microsoft, tipped off the US software giant to Jaschan. He was arrested on 7 May after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers. After developing several versions of Netsky, he created Sasser, according to the officials.

Sasser did not require users to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the internet was enough to get infected.

Sasser exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. On 13 April, Microsoft had released a software patch, MS04-011, which plugs the LSASS hole, but many companies and individuals had not installed it in time to prevent the Sasser worm affecting their systems.

The indictment papers lists 173 witnesses. Prosecutors said 143 victims had filed charges, claiming damages of €130,000 (£89,000).

But because many businesses and individuals seldom report such damages, the actual figure could be in the millions of euros, a spokesman at the Verden prosecutors' office said.

Computer sabotage carries a maxim sentence of five years, according to the spokesman. "But considering that this young person had no previous criminal offences, a five-year sentence is illusionary," he said.

A date for the trial has yet to be set, the spokesman said.

John Blau writes for IDG News Service



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...