Man arrested in connection with dating website hack and Fathers 4 Justice worms, Sophos reports

Sophos Press Release

According to a report in the popular online IT news website The Register, a 37-year-old man has been arrested by British police under suspicion of hacking into online dating website,

Officers from New Scotland Yard's Computer Crime Unit are also said to have found evidence on the Sheffield man's home computer that he was responsible for writing the Mirsa email-aware worms, which struck in January, spreading messages supporting the "Fathers 4 Justice campaign" and attacking the policies of Prime Minister Tony Blair's government.

The suspect, who has been arrested last week under the Computer Misuse Act, has been released on bail pending further enquiries, and a detailed computer forensic analysis.

A spokesman for the website told Sophos that the suspect had only accessed four of its members accounts "after a lot of effort", and that no credit card information was exposed. More information on the case is available on the dating website.

The "Fathers 4 Justice" campaign has made headlines in the UK and elsewhere around the world because of high profile media stunts perpetrated by some of its members, such as scaling the walls of Buckingham Palace dressed as the superhero Batman. The organisation has denied any involvement or endorsement with the Mirsa viruses.

A clue in the code?

Sophos reported in January about a possible clue buried inside one of the Mirsa worms which might suggest the author was from the Sheffield area. Hidden inside the W32/Mirsa-A virus, and not normally displayed to the infected user, is a section of text: "sheffield hallam university is corrupt".

Message hidden inside the W32/Mirsa-A worm
Hidden inside the W32/Mirsa-A worm is a message about Sheffield Hallam University

"Crime fighters had a strong lead to pursue when it was realised that the worm included a hidden reference to Sheffield," said Graham Cluley, senior technology consultant for Sophos. "It's possible, however, that ultimately the investigation into a hacked dating website resulted in the identification of this suspected virus writer."

Other messages included inside the Mirsa worms included:

Fathers 4 Justice
Coded by UK Digital Binary Division
UK Government will listen Fathers 4 Justice
respect to:


We are NOW supporting Fathers 4 Justice
Tony Blair: you really should LISTEN to us or we will take further action

Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at