Suspected virus writer arrested in Spain, Sophos comments

Sophos Press Release

Spanish police announced the arrest at a news conference

Spanish police have announced that they have arrested a suspected virus author, the first believed to have ever been apprehended in Spain.

According to the Civil Guard investigation the 23-year-old man arrested in Madrid is believed to be responsible for the W32/Raleka worm which, according to a police spokesman, infected more than 120,000 users in 14 days earlier this year.

The authorities followed leads which directed them to investigate a Spanish hacking and phone phreaking gang named "AKELARRE". This line of inquiry lead the authorities to investigate a number of properties and individuals. Three houses were searched, eight computers confiscated and a 23-year-old man nicknamed "900K" has been arrested. "900K" is believed to be the leader of the hacking gang, whose other members go by names such as "DOING", "SANITY", "DEBYSS" and "DARKEAGLE".

The Raleka worm operated in a similar manner to the prevalent Blaster worm, exploiting a critical security vulnerability in many versions of Microsoft's Windows operating system. Once infected computers had been compromised they could be controlled by a remote hacker.

"Viruses are not harmless pranks; they cause real harm disrupting business and personal communications as well as destroying and stealing sensitive data. The Raleka worm was no different, indiscriminately infecting innocent computer users," said Graham Cluley, senior technology consultant for Sophos. "Computer crime authorities around the world are better equipped than ever at hunting down the perpetrators of hacking and virus crimes. Virus writers should be asking themselves whether it's really worth taking the risk."

In January 2003, a British virus writer was sentenced to two years in jail for distributing a number of viruses he had written. Recently Microsoft announced a $500,000 bounty for information leading to the successful conviction of the authors of the Blaster and Sobig worms. Although Raleka used a similar trick as Blaster, it is not believed the arrest is connected to Microsoft's reward.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at