[Dshield] Sasser Author captured

Dom De Vitto dom at DeVitto.com
Sun May 9 15:49:25 GMT 2004 

I read a report last week from Symantec that the Sasser worm was, after
their careful examination of the code, almost certainly written by
the author of NetSky. But yet the press haven't mentioned this...

>From this my conclusion is one of:
1) Symantec are wrong, I guess they don't know very much about viruses
   which is weird, because they are the worlds biggest IT security
   company.  Symantec have gain to make in such an announcement.

2) The German police, FBI and Microsoft are pinning everything they
   can on a couple of 18-year olds who were in the wrong chat room
   at the wrong time, and said "yez, I iz l33t! I d1d dat sassor w0rm."
   The FBI, MS and German Police have plenty to gain from publicity
   saying they have captured a major worm author, and broken a ring.

>From *my* experience:
the police tend to burst in, seize everything, and immediately hold
a press release to say how great they are.
Quiet how the Gernman Police can, on the day of the arrest,
forensically analyse hundreds of gigs of files, on (more than likely)
many computers is "interesting". But without that evidence, surely
everything they have is interception eveidence? and in UK courts
at least this doesn't stand up very well at all - it's classed as
"hearsay".

I'm sure the guy will get ten years anyway, but I doubt he wrote
sasser.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom at devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Where do you want to go today?  Same as every day.... Windows Update.

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Al Reust
Sent: Sunday, May 09, 2004 1:42 AM
To: General DShield Discussion List
Subject: [Dshield] Sasser Author captured

It appears that no one has picked up on this yet.

An 18-year-old German high school student has admitted creating the Sasser
internet worm, police say.

The teenager was arrested on Friday near the town of Rotenburg in northern
Germany with the help of the FBI and Microsoft.

http://news.bbc.co.uk/1/hi/world/europe/3695857.stm

With this - "The police may just have cracked the Netsky gang with this
arrest. The whole ring may be broken wide open," said Graham Cluley, of
British-based security firm Sophos.


On another note, the alleged author(s) of Phatbot have been captured, too.

The main suspect is a 21-year old unemployed male. This page is in German.

http://www.heise.de/newsticker/meldung/47209


Al

_______________________________________________
list mailing list
list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list