[Image: Ruediger Butte, chief of state criminal office in Hanover, announced the arrest]
Last updated: 13 May 2004
Sven Jaschan, an 18-year-old computer enthusiast, has been arrested at the house he shares with his parents in the sleepy village of Waffensen, North Germany. Jaschan was arrested in connection with writing and distributing the infamous Sasser internet worm, which is estimated to have attacked tens of millions of PCs across the world.
Sophos's virus experts believe that the gang responsible for distributing the Sasser worm may also be responsible for the hard-hitting Netsky worms which have been infecting computer users for most of the year.
"Since it first emerged a week ago, the Sasser worm has been bombarding vulnerable computer systems with the most significant virus attack of 2004," said Graham Cluley, senior technology consultant for Sophos. "The authorities have moved fast in arresting this teenage suspect. Seizing this man's computers could provide the vital clues which may break open the underground worm-writing network which has been responsible for not only Sasser, but the Netsky worms too."
Sophos notes that some of the Netsky worms launched denial-of-service attacks against German and Swiss websites, in an attempt to knock them off the internet. The Netsky-Z worm, for instance, instigated attacks against an educational website based close to Jaschan's home.
Was Sven Jaschan working alone?
[Image: Sven Jaschan is said to have written computer worms in the basement of the house he shares with his parents]
"If you scrutinise the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm. If this is the case, this could be one of the most significant cybercrime arrests of all time," continued Cluley. "All these worms have been highly disruptive and complex, suggesting that the author isn't working alone. Seizing this man's computers could provide the vital clues which will bring down the infamous 'Skynet' virus-writing gang. We would not be surprised if more arrests may follow in due course."
The Skynet virus-writing gang is believed to be named after the computer system which takes over the world in the Terminator films starring Arnold Schwarzenegger.
"I would be very surprised if Sven Jaschan was the only person involved in the creation of the Netsky and Sasser worms," continued Cluley. "The email archives and chat logs on his computer will provide vital leads about others in the computer underground."
"Papa, I've put out a computer worm"
[Image: Police have arrested 18-year-old Sven Jaschan in connection with the Sasser worm]
Those who knew and met Jaschan labelled him "a computer freak" who was enthusiastic about all aspects of information technology.
"He showed a high level of knowledge in a lot of areas," Juergen Ahlden, Jaschan's computer teacher, said. "But he should have recognised that what he did went far beyond the boundaries."
In an interview with a media organisation, Sven Jaschan's stepmother told how she and Jaschan's father had first discovered the teenager had been writing viruses.
"About four months ago he was over here for a visit and said 'Papa, I've put out a computer worm'," Sabine Jaschan told RTL. "And then my husband said 'Sven, you didn't do anything stupid, did you?'. He just kind of laughed nervously."
"I thought he was just fooling around with me. He said he really wanted to develop an antidote to the virus. He said he didn't want to cause any damage," said Rainer, Sven Jaschan's father.
Else Bruns, who lives next door to Jaschan, described the teenager as a loner: "He doesn't mix with people easily and prefers to spend as much time as he can on his computer."
In the past, virus writers such as David L Smith, Simon Vallor and Christopher Pile have been sentenced to jail for damage caused by their malicious code. Jaschan, who only turned 18 at the end of April, is likely to be tried as a juvenile and will probably escape a prison sentence if convicted.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.