Confusion surrounds Blaster-F worm investigation in Romania, Sophos Anti-Virus comments

Sophos Press Release

Police in Romania were reported earlier this week to have arrested a 24-year-old man in connection with the W32/Blaster-F internet worm.

According to media reports, Dan Dumitru Ciobanu, a graduate of the Technical University in Iasi, was said to have been traced through his online nickname "Enbiei" (used as a filename by the virus) and a section of Romanian language text contained inside the virus. The text, when translated into English, reads as follows:

"Don't go to the Hydrotechnics faculty!!! You are wasting your time... Birsan, your pension awaits!!! I urinate on the diploma!!!!!!"

This was said to have directed the authorities through a series of message boards to a website belonging to Ciobanu, containing his home address and telephone number.

According to reports from the media and a Romanian anti-virus company, police seized a number of computers from Ciobanu's home and workplace, which they say will be analysed for evidence.

However, the authorities in Romania are now saying that no arrest has taken place - and they are refusing to name any individuals who may be under investigation.

"Leaving a message in your virus about an old teacher you didn't like is a pretty dumb thing to do," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "This investigation comes less than a week after the FBI apprehended Jeffrey Lee Parson in Minnesota regarding an earlier variant of the Blaster worm. The message needs to go out loud and clear - writing and spreading a virus is unacceptable behaviour, and causes real harm to home users and businesses around the world."

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at