Feeds

Sasser suspect walks free

Probation and no fine for 'world's worst' VXer

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

The teenage author of the infamous Sasser worm has been sentenced to one year and nine months probation following his conviction for computer sabotage offences. Sven Jaschan, 19, escaped a prison sentence after confessing to computer sabotage and illegally altering data at the beginning of his trial in the German town of Verden this week. Jaschan will also have to serve 30 hours community service at the local hospital but he escaped any fine.

The teenager was tried behind closed doors in a juvenile court because he was 17 at the time the worm was created, a mitigating factor that went a long way to ensuring Jaschan escaped a more severe punishment for the havoc he wrought.

Sasser is a network aware worm that exploited a well-known Microsoft vulnerability (in Windows Local Security Authority Subsystem Service - MS04-011) to infect thousands of systems in May 2004. German prosecutors picked three German city governments and a broadcaster whose systems were disrupted by Sasser as specimen victims in the prosecution against Jaschan. These organisations were selected from the 143 plaintiffs with estimated damages of $157,000 who have contacted the authorities. All indications are that this is the tip of a very large iceberg. Anti-virus firm Sophos reckons Jaschan was responsible for more than 55 per cent of the viruses reported it last year, thanks to his role in creating bot the Sasser and NetSky worms.

"Jaschan's worms caused considerable damage, but was committed when he was still a junior. Some who have to defend computer systems against worms may feel frustrated that the sentence isn't stronger, but it has to be remembered that he was a young kid who did something immensely dumb rather than one of the organised crime gangs intent on stealing money via viruses that we are now commonly encountering," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

"It is, however, surprising that there doesn't appear to any fine attached to his sentence. From the sound of things Jaschan will go into work at the security firm that employs him [Securepoint] just as normal tomorrow morning."

Jaschan was arrested in the village of Waffensen near Rotenburg, in northern Germany, on suspicion of writing and distributing the Sasser worm in May 2004. The teenager later confessed to police that he was both the author of Sasser and the original creator of the NetSky worm.

He was arrested after a tip-off to Microsoft from individuals (Jaschan's erstwhile friends) hoping to cash in through Microsoft's Anti-Virus Reward Program. Investigators questioned Jaschan's mates on suspicion of assisting his virus writing activities but none have been charged. ®

Related links

Sasser author sentencing report, by German daily Der Spiegel

Related stories

German police arrest Sasser worm suspect
Police probe Sasser informant
German police raid five homes in Sasser case
Sasser author gets IT security job
Sasser kid blamed for viral plague

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.