Gigabyte, female author of such viruses as Coconut-A, Sahay-A, and Sharp-A, has been arrested
by Belgium authorities.
Kim Vanvaeck, suspected of being the virus writer usually known
only by the nickname "Gigabyte", has reportedly been charged with
computer data sabotage and if convicted, faces up to three years in
prison and fines of up to €100,000.
She was arrested a few miles outside Brussels in her hometown,
Mechelen. After questioning, the Belgian authorities reportedly
confiscated her five computers and closed down her website, where
she posts her virus creations. She was released 24 hours later.
Gigabyte, who claimed in the Sahay worm to be part of the
'Metaphase VX Team', has also been mentioned in the code of other
viruses, such as the Yaha-Q worm, which includes
the text "to gigabyte :: chEErS pAL, kEEp uP tHe g00d w0rK.." and
the Trilisa-A virus, which displays the words "HECHO EN ADMIRACION
A GIGABYTE" as part of its payload.
"Gigabyte has presented herself almost as a Lara Croft-style
figure, in the male-dominated virus writing arena, and this has
made her a favourite for the media," said Graham Cluley, senior
technology consultant at Sophos. "Unfortunately for her, her hunger
for attention may also have been her undoing. One wonders why an
obviously computer literate girl would squander her skills on
criminal activity."
Some of Gigabyte's viruses explained:
W32/Qizy-A
December 2003
Posing as a Christmas screensaver, the Qizy worm asked infected
users a number of questions, including what Sophos's Graham Cluley
kept between his toes. Correct answers revealed map directions to a
mystery package.
W32/Coconut-A
July 2003
Displays a graphical game where the recipient must throw coconuts
at the heads of Belgian hacker, Frans Devaere, and Sophos's Graham
Cluley. Each hit ensures that one less file on the recipient's
computer will be infected.
W32/Sahay-A
January 2003
An email-aware worm that spreads via a screensaver called
MathMagic.scr. If users run the attachment, it forwards the virus
onto everyone in the Windows address book. The virus also attempts
to disinfect any infections of W32/Yaha-K. However, due to bugs, it
may fail to do this correctly.
W32/Sharp-A
March 2002
An email-aware worm pretending to be a Windows Update
communication. The Sharp virus is a proof of concept virus because
it is first virus to be written in C#, a Microsoft's programming
language, which can run natively on .NET platforms.
W32/Parrot-A
Mid 2001
An email-aware worm with an infected attached file called
parrot.scr. There is also a virus which renames files in the
Windows directory, and drops an audio file that played when the
virus is run. It also drops a VBS file displaying a message box
which includes offensive text about anti-virus researcher Graham
Cluley.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.