Virtual fingerprints may have trapped Goner worm suspects, says Sophos

Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, today applauded the arrest of four Israeli youths involved in the writing and distribution of the Goner computer worm. Sophos believes the worm itself may have included cryptic clues as to the true identity of the perpetrators.

The four high school students, aged between 15 and 16, were apprehended in the northern city of Nahariya on Friday 7 December and admitted their involvement, said Meir Zohar, the head of the police computer crime squad.

The worm poses as a screensaver called GONE.SCR. When activated it displays a message, apparently from the author to his friends:

"pentagone coded by: suid tested by ThE_SKuLL and |satan| greetings to: TraceWar, k9-unit, stef16, ^Reno. greetings also to nonick2 out there where ever you are."

W32/Goner-A graphical display

"Virus writers typically use 'handles' or nicknames to hide their true identity," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "However, for computer crime authorities these can be vital clues. Handles act as virtual fingerprints: if the author uses the nickname elsewhere links can be made and the authorities can investigate."

The suspects could face between three and five years in jail if convicted, said Zohar.

"Even though the people behind this worm have been caught - the worm will carry on causing damage. Like the contents of Pandora's box, once a worm has been released it can never be recaptured, however sorry its authors may be for the damage they have caused," Cluley continued.

Mehr als 100 Millionen Anwender in 150 Ländern vertrauen auf Sophos. Wir bieten den besten Schutz vor komplexen IT-Bedrohungen und Datenverlusten. Unsere umfassenden Sicherheitslösungen sind einfach bereitzustellen, zu bedienen und zu verwalten. Dabei bieten sie die branchenweit niedrigste Total Cost of Ownership. Das Angebot von Sophos umfasst preisgekrönte Verschlüsselungslösungen, Sicherheitslösungen für Endpoints, Netzwerke, mobile Geräte, E-Mails und Web. Dazu kommt Unterstützung aus den SophosLabs, unserem weltweiten Netzwerk eigener Analysezentren.

Die Sophos Hauptsitze sind in Boston, USA, und Oxford, UK.