Mass-mailing worm suspect arrested in Spain, Sophos reports

Sophos Press Release

Worm downloaded picture of well-known Madrid party girl

The Spanish Civil Guard has announced that it has detained a 20-year-old man in Ejica, near Seville, in connection with creating and spreading the "Tasin" computer worm.

The Tasin worm (also known as W32/Anzae) spread via email in November 2004. According to police it infected thousands of computers in Spain and South America, trashing critical Windows system files.

The worm spread using Spanish-language subject lines, and created headlines when it became known that it downloaded from the internet pictures of the pneumatic Madrid party girl, Nuria Bermudez. Ms Bermudez is well known to the local media having claimed to have slept with half of the Real Madrid soccer team.

A Spanish police investigation team began "Operation Astigi" to hunt down the creator of the worm in late 2004, finding clues hidden inside the code which gave the worm's author's internet pseudonym. The suspect's identity has not been revealed, other than his initials: A.R.B.

According to media reports, the worm's suspected author is said to have operated from college computers as well as his home in Ejica, and launched an internet attack against the city's official website.

"This arrest comes just days after the police apprehended in Madrid the suspected author of a Trojan horse which spied on people via their webcams," said Graham Cluley, senior technology consultant for Sophos. "The Spanish police's quick action should send out a clear message to anyone thinking of writing and releasing a worm: it's just not worth it."

Spanish police have said that they believe the suspect operated mainly at night, because when they went to search his house he was still sleeping at midday. During the search police are said to have found a collection of newspaper press cuttings about the worm and the havoc it had caused.

"A rampant ego has been the downfall of many a virus writer in the past. Although we are now seeing more organised criminal elements getting involved in virus writing, the traditional juvenile author has often felt it impossible not to brag to his friends, or leave too many clues inside his code or on the internet," continued Cluley.

Last year a 27-year-old Spanish man was sentenced to two years in prison for writing a Trojan horse said to have infected over 100,000 computers.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at