Gigabyte, female author of such viruses as Coconut-A, Sahay-A, and Sharp-A, has been arrested
by Belgium authorities.
Kim Vanvaeck, suspected of being the virus writer usually known
only by the nickname "Gigabyte", has reportedly been charged with
computer data sabotage and if convicted, faces up to three years in
prison and fines of up to €100,000.
She was arrested a few miles outside Brussels in her hometown,
Mechelen. After questioning, the Belgian authorities reportedly
confiscated her five computers and closed down her website, where
she posts her virus creations. She was released 24 hours later.
Gigabyte, who claimed in the Sahay worm to be part of the
'Metaphase VX Team', has also been mentioned in the code of other
viruses, such as the Yaha-Q worm, which includes
the text "to gigabyte :: chEErS pAL, kEEp uP tHe g00d w0rK.." and
the Trilisa-A virus, which displays the words "HECHO EN ADMIRACION
A GIGABYTE" as part of its payload.
"Gigabyte has presented herself almost as a Lara Croft-style
figure, in the male-dominated virus writing arena, and this has
made her a favourite for the media," said Graham Cluley, senior
technology consultant at Sophos. "Unfortunately for her, her hunger
for attention may also have been her undoing. One wonders why an
obviously computer literate girl would squander her skills on
Some of Gigabyte's viruses explained:
Posing as a Christmas screensaver, the Qizy worm asked infected
users a number of questions, including what Sophos's Graham Cluley
kept between his toes. Correct answers revealed map directions to a
Displays a graphical game where the recipient must throw coconuts
at the heads of Belgian hacker, Frans Devaere, and Sophos's Graham
Cluley. Each hit ensures that one less file on the recipient's
computer will be infected.
An email-aware worm that spreads via a screensaver called
MathMagic.scr. If users run the attachment, it forwards the virus
onto everyone in the Windows address book. The virus also attempts
to disinfect any infections of W32/Yaha-K. However, due to bugs, it
may fail to do this correctly.
An email-aware worm pretending to be a Windows Update
communication. The Sharp virus is a proof of concept virus because
it is first virus to be written in C#, a Microsoft's programming
language, which can run natively on .NET platforms.
An email-aware worm with an infected attached file called
parrot.scr. There is also a virus which renames files in the
Windows directory, and drops an audio file that played when the
virus is run. It also drops a VBS file displaying a message box
which includes offensive text about anti-virus researcher Graham
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.