German teenager indicted over Sasser worm

News

German teenager indicted over Sasser worm

Prosecutors in Verden, Germany, have indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lighting speed over the internet.

In their 77-page indictment, prosecutors charged Sven Jaschan with computer sabotage, data manipulation and disruption of public systems.

Informants, seeking a $250,000 (£140,000) reward from Microsoft, tipped off the US software giant to Jaschan. He was arrested on 7 May after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers. After developing several versions of Netsky, he created Sasser, according to the officials.

Sasser did not require users to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the internet was enough to get infected.

Sasser exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. On 13 April, Microsoft had released a software patch, MS04-011, which plugs the LSASS hole, but many companies and individuals had not installed it in time to prevent the Sasser worm affecting their systems.

The indictment papers lists 173 witnesses. Prosecutors said 143 victims had filed charges, claiming damages of €130,000 (£89,000).

But because many businesses and individuals seldom report such damages, the actual figure could be in the millions of euros, a spokesman at the Verden prosecutors' office said.

Computer sabotage carries a maxim sentence of five years, according to the spokesman. "But considering that this young person had no previous criminal offences, a five-year sentence is illusionary," he said.

A date for the trial has yet to be set, the spokesman said.

John Blau writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy