|Marek Strihavka (also known as "Benny") has been
questioned by the police. He was interviewed by the New York Times in early
According to reports on a IT security website, Czech police have
interviewed and confiscated computers from "Benny", a former member
of the 29A virus-writing gang.
22-year-old Marek Strihavka, who lives in Brno in the Czech
Republic, was questioned by police on Thursday 25 November and had
all of his computer equipment confiscated for further
According to the media report, police questioned Strihavka - who
uses the nickname "Benny" online - principally about the Slammer internet worm
which exploited a vulnerability in Microsoft's SQL Server software
and slowed down sections of the internet in January 2003.
In a statement dated February 18 2003 "Benny" announced his
retirement as a virus writer.
"Benny has always said that he never released his viruses into
the wild, so it will be interesting to see if any charges will be
brought against him. However, he has published his dangerous viral
source code on the internet which may have acted as an
encouragement for others to cause damage," said Graham Cluley, senior
technology consultant. "Virus-writing is not just a juvenile prank
- it causes real harm to the data of innocent computer users
worldwide. It's good to see police around the world take action
against those in the computer underground who promote virus writing
and malicious behaviour."
Earlier this month it was revealed that "Benny", who claims to have now
given up writing viruses, has gained employment writing anti-virus
software for a Czech company.
"Benny", who posted a weblog on the internet and has published
photographs of himself online, was said by 29A to have resigned his
membership of the malware-writing group two weeks ago. In the wake
of the police action, two other members of the 29A gang - "Ratter"
and "dis69" - are said to have resigned from the group and
"Benny"'s weblog has disappeared.
"Benny" famously told the New York Times in an interview that he
decided to write a virus to exploit Windows 2000, two weeks before
Microsoft released the new version of their operating system.
Another member of the 29A virus-writing gang, "Whale", was
found guilty by a
Russian court earlier this month.
Some of Benny's viruses explained:
A .NET-aware Windows file infecting virus. The virus displays a
message box saying: This cell has been infected by dotNET
virus! .NET.dotNET by Benny/29A
The Lindose virus could infect both Windows and Linux systems.
Displays a message box which says: Win32.Milennium by
Benny/29A, First multifiber virus is here, beware of me :-), Click
OK if u wanna run this shit
The first virus that took advantage of NTFS Alternative Data
Streams (ADS). The virus displays a message box saying:
Win2k.Stream by Benny/29A & Ratter. This cell has been
infected by [Win2k.Stream] virus!
The first virus for Microsoft's Windows 2000 operating system. The
following text is hidden inside the virus code:
[Win2000.Installer] by Benny/29A & Darkman/29A
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.