- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
The release of a new version of the Sasser worm calls into question claims by some German authorities that they have the sole author of the worm in custody, according to anti-virus experts.
A new version of the Sasser worm, dubbed Sasser-E, appeared late Friday, around the time police arrested an 18-year-old man they said was the author of all the Sasser variants and of the Netsky worm. While it is possible that the teenager released the worm just before being captured, the close timing and clues from earlier Sasser variants may point to a larger network of virus writers outside of Germany, said Mikko Hyppönen, anti-virus research manager at F-Secure in Finland.
On Friday, German police in Lower Saxony arrested the man and charged him with creating Sasser, which appeared on May 1, and three variants that appeared in subsequent days.
The arrest of the man, who has not officially been identified, followed a tip to Microsoft Deutschland from individuals who asked about the possibility of receiving a reward in exchange for information about the creator of the Sasser worm, said Brad Smith, senior vice president and general counsel at Microsoft, in a statement.
On Monday, the Associated Press quoted Frank Federau, a spokesman for the state criminal office in Hanover, Germany, saying the teenager likely programmed Sasser-E "immediately before his discovery."
Microsoft believes that the man arrested made Sasser-E, like the other variants, and released it almost simultaneously with his arrest, according to Smith.
"It's our understanding that the police have arrested the individual responsible for Sasser-E and the four previous variants," he said.
Microsoft is basing that position on statements from German authorities and from the ongoing investigation of Sasser and Netsky, he said.
Anti-virus experts say that scenario is possible, but not likely.
"It's... possible it was released by the guy they arrested... but he would have to have released it just before he got arrested, 15 minutes before the police knocked on his door," Hyppönen said.
However, the timing of the release and tidbits of information gleaned from earlier Sasser worms suggests that others may be involved with the Sasser and Netsky worms, Hyppönen said.
F-Secure learned of Sasser-E 10 hours after the arrest of the suspect, but knows of earlier reports that put the first appearance of the worm around three hours and forty-five minutes after his arrest, according to information on the F-Secure Web site.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment