Sophos, a world leader in corporate anti-virus protection, today
applauded the arrest of four Israeli youths involved in the writing
and distribution of the Goner computer worm.
Sophos believes the worm itself may have included cryptic clues as
to the true identity of the perpetrators.
The four high school students, aged between 15 and 16, were
apprehended in the northern city of Nahariya on Friday 7 December
and admitted their involvement, said Meir Zohar, the head of the
police computer crime squad.
The worm poses as a screensaver called GONE.SCR. When activated
it displays a message, apparently from the author to his
"pentagone coded by: suid tested by ThE_SKuLL and |satan|
greetings to: TraceWar, k9-unit, stef16, ^Reno. greetings also to
nonick2 out there where ever you are."
"Virus writers typically use 'handles' or nicknames to hide
their true identity," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "However, for computer crime
authorities these can be vital clues. Handles act as virtual
fingerprints: if the author uses the nickname elsewhere links can
be made and the authorities can investigate."
The suspects could face between three and five years in jail if
convicted, said Zohar.
"Even though the people behind this worm have been caught - the
worm will carry on causing damage. Like the contents of Pandora's
box, once a worm has been released it can never be recaptured,
however sorry its authors may be for the damage they have caused,"