German teenager indicted over Sasser worm

Prosecutors in Verden, Germany, have indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds...

Prosecutors in Verden, Germany, have indicted an 18-year-old student for allegedly creating the Sasser worm that crashed hundreds of thousands of computers worldwide after spreading at lighting speed over the internet.

In their 77-page indictment, prosecutors charged Sven Jaschan with computer sabotage, data manipulation and disruption of public systems.

Informants, seeking a $250,000 (£140,000) reward from Microsoft, tipped off the US software giant to Jaschan. He was arrested on 7 May after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers. After developing several versions of Netsky, he created Sasser, according to the officials.

Sasser did not require users to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the internet was enough to get infected.

Sasser exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. On 13 April, Microsoft had released a software patch, MS04-011, which plugs the LSASS hole, but many companies and individuals had not installed it in time to prevent the Sasser worm affecting their systems.

The indictment papers lists 173 witnesses. Prosecutors said 143 victims had filed charges, claiming damages of €130,000 (£89,000).

But because many businesses and individuals seldom report such damages, the actual figure could be in the millions of euros, a spokesman at the Verden prosecutors' office said.

Computer sabotage carries a maxim sentence of five years, according to the spokesman. "But considering that this young person had no previous criminal offences, a five-year sentence is illusionary," he said.

A date for the trial has yet to be set, the spokesman said.

John Blau writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.