Mass-mailing worm suspect arrested in Spain, Sophos reports

January 27, 2005 Sophos Press Release

Worm downloaded picture of well-known Madrid party girl

The Spanish Civil Guard has announced that it has detained a 20-year-old man in Ejica, near Seville, in connection with creating and spreading the "Tasin" computer worm.

The Tasin worm (also known as W32/Anzae) spread via email in November 2004. According to police it infected thousands of computers in Spain and South America, trashing critical Windows system files.

The worm spread using Spanish-language subject lines, and created headlines when it became known that it downloaded from the internet pictures of the pneumatic Madrid party girl, Nuria Bermudez. Ms Bermudez is well known to the local media having claimed to have slept with half of the Real Madrid soccer team.

A Spanish police investigation team began "Operation Astigi" to hunt down the creator of the worm in late 2004, finding clues hidden inside the code which gave the worm's author's internet pseudonym. The suspect's identity has not been revealed, other than his initials: A.R.B.

According to media reports, the worm's suspected author is said to have operated from college computers as well as his home in Ejica, and launched an internet attack against the city's official website.

"This arrest comes just days after the police apprehended in Madrid the suspected author of a Trojan horse which spied on people via their webcams," said Graham Cluley, senior technology consultant for Sophos. "The Spanish police's quick action should send out a clear message to anyone thinking of writing and releasing a worm: it's just not worth it."

Spanish police have said that they believe the suspect operated mainly at night, because when they went to search his house he was still sleeping at midday. During the search police are said to have found a collection of newspaper press cuttings about the worm and the havoc it had caused.

"A rampant ego has been the downfall of many a virus writer in the past. Although we are now seeing more organised criminal elements getting involved in virus writing, the traditional juvenile author has often felt it impossible not to brag to his friends, or leave too many clues inside his code or on the internet," continued Cluley.

Last year a 27-year-old Spanish man was sentenced to two years in prison for writing a Trojan horse said to have infected over 100,000 computers.