Sophos

29 November 2004

Police question notorious ex-virus writer and confiscate computers, Sophos reports

Marek Strihavka was interviewed and photographed by the New York Times
Marek Strihavka (also known as "Benny") has been questioned by the police. He was interviewed by the New York Times in early 2004.

According to reports on an IT security website, Czech police have interviewed and confiscated computers from "Benny", a former member of the 29A virus-writing gang.

22-year-old Marek Strihavka, who lives in Brno in the Czech Republic, was questioned by police on Thursday 25 November and had all of his computer equipment confiscated for further examination.

According to the media report, police questioned Strihavka - who uses the nickname "Benny" online - principally about the Slammer internet worm which exploited a vulnerability in Microsoft's SQL Server software and slowed down sections of the internet in January 2003.

In a statement dated February 18 2003 "Benny" announced his retirement as a virus writer.

"Benny has always said that he never released his viruses into the wild, so it will be interesting to see if any charges will be brought against him. However, he has published his dangerous viral source code on the internet which may have acted as an encouragement for others to cause damage," said Graham Cluley, senior technology consultant. "Virus-writing is not just a juvenile prank - it causes real harm to the data of innocent computer users worldwide. It's good to see police around the world take action against those in the computer underground who promote virus writing and malicious behaviour."

Earlier this month it was revealed that "Benny", who claims to have now given up writing viruses, has gained employment writing anti-virus software for a Czech company.

"Benny", who posted a weblog on the internet and has published photographs of himself online, was said by 29A to have resigned his membership of the malware-writing group two weeks ago. In the wake of the police action, two other members of the 29A gang - "Ratter" and "dis69" - are said to have resigned from the group and "Benny"'s weblog has disappeared.

"Benny" famously told the New York Times in an interview that he decided to write a virus to exploit Windows 2000, two weeks before Microsoft released the new version of their operating system.

Another member of the 29A virus-writing gang, "Whale", was found guilty by a Russian court earlier this month.

Some of Benny's viruses explained:

W32/Donut-A
A .NET-aware Windows file infecting virus. The virus displays a message box saying: This cell has been infected by dotNET virus! .NET.dotNET by Benny/29A

W32/Lindose
The Lindose virus could infect both Windows and Linux systems.

W98/Millenium
Displays a message box which says: Win32.Milennium by Benny/29A, First multifiber virus is here, beware of me :-), Click OK if u wanna run this shit

W2K/Stream
The first virus that took advantage of NTFS Alternative Data Streams (ADS). The virus displays a message box saying: Win2k.Stream by Benny/29A & Ratter. This cell has been infected by [Win2k.Stream] virus!

W2K/Instal
The first virus for Microsoft's Windows 2000 operating system. The following text is hidden inside the virus code: [Win2000.Installer] by Benny/29A & Darkman/29A
