According to US media reports, the FBI is expected to arrest a man today in connection with one of the various variants of the W32/Blaster internet worm.
The 18-year-old man was reportedly seen by a witness testing his virus, based on the original W32/Blaster-A worm. The witness subsequently contacted the authorities, according to John Hartingh, a spokesman for the US Attorney in Seattle. The suspect is believed to have already been questioned by authorities and is under surveillance. He is not believed to be from Washington.
"A clear message needs to go out to all of those who think distributing and writing viruses is 'cool' or 'harmless fun'. Once a virus has been released on the internet it can never be taken back, it is no longer under anybody's control and can be very damaging," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "It has not taken the FBI long to act in this case, which is a strong indication that law enforcement authorities worldwide are getting better at chasing and capturing cyber-criminals."
The first variant of the Blaster worm, W32/Blaster-B, is functionally equivalent to its predecessor but creates a file called teekids.exe rather than msblast.exe in the Windows system folder. It also creates a different registry entry and includes some offensive text (which does not get displayed) directed towards Microsoft, Bill Gates, and the anti-virus industry.
United States Attorney John McKay has announced that a press conference will be held at 13:30 PST today at the US Attorney's Office in Seattle, Washington to present more information on the investigation. He will be joined by FBI Acting Special Agent in Charge R. Scott Crabtree, and United States Secret Service Special Agent in Charge Wallace Shields.
In January 2003, a British virus writer was sentenced to two years in jail for distributing a number of viruses he had written.
Update: Blaster worm suspect arrested and named - computers seized in Minnesota
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.