Watch CBS News
X-SciTech

Computer Worm Traced To Germany

/ CBS/AP

Add CBS News on Google

German authorities have arrested an 18-year-old suspected of creating the "Sasser" computer worm, which infected hundreds of thousands of computers worldwide, an official said Saturday.

The suspect, a high school student, was arrested Friday and has told authorities he was behind the worm, said Frank Federau, a spokesman for the state criminal office in Hanover.

Police and prosecutors on Friday searched his parents' house in the northern town of Waffensen, Federau said. He did not release the man's identity, and said he did not immediately have details of how the suspect was tracked down.

The teenager is being investigated on suspicion of computer sabotage, which carries a maximum sentence of five years in prison, said Detlef Ehrike, another state criminal office spokesman. After being questioned, he was released pending charges.

"This worm did a lot of damage worldwide. It delayed flights of British airlines, it shut down government agencies in a number of countries, and it wreaked havoc on hundreds of thousands of computers, both in the corporate world and at home," said CBSNews.com Technology Consultant Larry Magid.

The German newsweekly Der Spiegel reported, without citing sources, that the CIA and FBI also were involved in the hunt for the worm's creator, whom it identified as Sven J. It said the suspect's motives were unclear.

The worm exploited a flaw in Microsoft Corp.'s Windows operating system.

"Microsoft is very vulnerable, because Windows XP and other versions of Windows have a number of holes or "back doors" that virus writers and worm writers and other hackers have learned to exploit," said Magid. "This is hardly the first time nor the last time that a teenager has succeeded in disrupting hundreds of thousands of computers around the world by exploiting a flaw in Microsoft Windows."

The German government's information technology security agency said there were four versions of Sasser. Spokesman Michael Dickopf said he didn't know whether the arrested teenager was responsible for all of them.

"The first version was amateurish," Dickopf said. However, the others "were clearly different in the damage they caused."

Unlike most outbreaks, Sasser does not require users to activate it by clicking on an e-mail attachment. Once inside, the worm scans the Internet for others to attack, causing some computers to continually crash and reboot.

Sasser is known as a network worm because it can automatically scan the Internet for computers with the security flaw and send a copy of itself there.

That means that even with the arrest of the German teen, there's still a threat.

"Sasser continues to propagate on its own, and it's going to be with us for awhile," warns Magid. He recommends that Windows users who have not already done so should go to Microsoft's Windows update site and download the latest patch. Plus, "you should always have anti-virus software and you should have a firewall program to keep hackers and malicious viruses out of your computer."

On Monday, the worm hit public hospitals in Hong Kong and one-third of Taiwan's post office branches. Twenty British Airways flights were each delayed about 10 minutes Tuesday due to Sasser troubles at check-in desks, while British coast guard stations used pen and paper for charts normally generated by computer.

"We don't know for sure what his motivation was, but there is some evidence that he might have been trying to eradicate the MyDoom and Bagel virus by planting what he thought was a benevolent virus — but that's a very dangerous game," said Magid. "Any time you put a virus out there, even if you think it's going to do some good, there is always a chance that it could do more harm."

© 2004 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

View CBS News In
CBS News App Open
Chrome Safari Continue