Kournikova writer set for short sentence

Lack of serious evidence may cripple the FBI's case against the author of the Anna Kournikova virus.

Lack of serious evidence may cripple the FBI's case against the author of the Anna Kournikova virus.

The FBI revealed that only 55 firms have admitted they were victims of the virus, which is believed to have affected millions of users. The combined loss suffered by the victim companies is said to be less than £120,000.

Jan de Wit, author of the virus, faces a minimal community service sentence because of a lack of evidence.

De Wit turned himself in to Dutch police shortly after posting the e-mail worm to an Internet newsgroup in February this year. Currently on trial in the Netherlands, he will be sentenced on 27 September.

Many businesses refuse to admit to being victims of security attacks for fear of loss of reputation.

In August, a survey of members of the Confederation of British Industry (CBI) revealed that 69% were more fearful of the damage to their reputation caused by becoming a victim of cybercrime than they were of financial losses.

Graham Cluley, senior consultant for Sophos Anti-Virus, says firms are burying their heads in the sand because they believe that reporting a virus infection is an admission of weakness.

He explained: "The Anna Kournikova worm was one of the hardest-hitting worms ever. How can authorities hope to make the punishment fit the crime when so few companies admit they've been hit?"

The CBI said: "We would encourage all companies to play a part in bringing to justice and satisfactorily punishing anyone who interferes with a company's computer systems.

"We understand why businesses do not want to highlight such matters but it is vital to speak out and create greater awareness of this crucial issue."

Cluley added: "Light sentences are never going to deter people from writing and distributing viruses, but the courts have little choice when there is scant evidence of money lost.

"More evidence means more appropriate sentences. Only when this happens will people think twice before wreaking havoc."

Read more on IT legislation and regulation