Spanish police have arrested a 23-year-old man in Madrid, who is suspected of being the author of the W32/Raleka worm which infected more than 120,000 computers in August.
The Raleka worm operated in a similar way to the Blaster worm, exploiting the Windows RPC Service vulnerability in versions of Microsoft Windows 2000 and XP operating systems. Infected machines could then be used to mount further remote attacks.
The Guardia Civil police unit's website said the the arrested man used the nickname 900K and was the leader of a group of hackers called Akelarre. The man's name was not released.
A technical investigation of the virus enabled police to track down the Akelarre group and make the arrest and impound eight computers.
This is the first arrest of a suspected virus author in Spain, showing that anti-virus efforts are improving, according to security company Sophos.
"Computer crime authorities around the world are now more equipped at hunting down the perpetrators of hacking and virus crimes," said Graham Cluley, senior technology consultant for Sophos. "Virus writers should be asking themselves whether it's really worth taking the risk."
David Legard writes for IDG News Service