A German high-school student has confessed to creating the "Sasser" worm that generated chaos across the globe by infecting hundreds of thousands of computers, authorities said Saturday.
The teenager, whose name was not released, was arrested Friday in the northern village of Waffensen, where he lives with his family. In a search of the suspect's home, German investigators confiscated his customized computer, which contained the worm's source code.
"As a result of the student's detailed testimony about the viruses he spread, he has been identified clearly as the author," the state criminal office in Hanover said in a statement. Spokesman Detlef Ehrike said he is being investigated on suspicion of computer sabotage, which carries a maximum sentence of five years in prison.
After being questioned, the teenager was released pending charges.
The worm raced around the world over the past week, exploiting a flaw in Microsoft's Windows operating system.
Microsoft said informants contacted it on Wednesday, offering information about the worm's creator. The company's investigators worked with German authorities, the FBI and Secret Service agents, tracing the virus by analyzing its source code, said Brad Smith, Microsoft's top lawyer.
The company would not say how many people came forward or identify them. But in Germany, Microsoft data protection official Sascha Hanke said the informants had backed up their tip by providing part of the worm's source code.
"We can say with great certainty that these people got the source code from the author," he told reporters in Hanover. Hanke said he met in northern Germany on Thursday night with the informants, who told him who the author was.
Unlike many infections, Sasser does not require users to activate it by clicking on an e-mail attachment. Once inside, the worm scans the Internet for others to attack, causing some computers to continually crash and reboot.
The teenager told officials that his original intention was to create a virus called "Netsky A" that would combat the "Mydoom" and "Bagle" viruses, removing them from infected computers. In the course of that effort, he developed Sasser.
"The student did not give any thought to the resulting consequences or damage," investigators' statement said.
On Monday, the worm hit public hospitals in Hong Kong and one-third of Taiwan's post office branches. Twenty British Airways flights were each delayed about 10 minutes Tuesday due to Sasser troubles at check-in desks. British coast guard stations were forced to use pen and paper for charts normally generated by computer.
Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.
The German government's information technology security agency said there were four versions of Sasser.
"The first version was amateurish," spokesman Michael Dickopf said. However, the others "were clearly different in the damage they caused."
Police said the German teenager was responsible for all the versions, in addition to variants of the Netsky virus.
Microsoft investigators told the informants, who had asked whether they would be eligible for a reward, that they would consider paying $250,000 if the information led to the arrest and conviction of those responsible. Smith said the arrest was a sign that such rewards work.
"We believe this is an important step forward in the industry's ability to fight malicious code on the Internet," he said.
Meanwhile, prosecutors in Stuttgart said an unemployed 21-year-old man was arrested Friday in Loerrach, on Germany's border with Switzerland, and admitted to creating a worm that goes by the names "Agobot" and "Phatbot" along with other hackers.
Prosecutors, who said they acted after receiving information from US authorities, said there were no indications of any link between the man and the Sasser programer.
(China Daily May 9, 2004)