German teenager admits in court to creating Sasser worm
He had already confessed when he was arrested last year
IDG News Service - German teenager Sven Jaschan confessed at his trial today to creating last year's Sasser computer worm that crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet.
Jaschan's admission is a reiteration of the confession he made last year when he was arrested (see Sasser arrest seen as small step in cybercrime fight). He is on trial in the city of Verden, Germany, where he faces charges of computer sabotage, data manipulation and disruption of public systems.
The 19-year-old admitted to the alleged offenses "in every detail," Verden District Court spokeswoman Katharina Krutzfeldt said in a telephone interview.
The charges carry a maximum sentence of five years in prison, but Krutzfeldt said that Jaschan, who was 17 and a minor at the time of his arrest, will face a lesser penalty. The penalty could be a warning or some form of public service work, but also confinement in a juvenile detention center.
Jaschan could also face civil lawsuits brought against him by companies whose IT systems were infected by the computer worm, according to Krutzfeldt. "This is a possibility that could happen after his trial in Verden," she said.
The indictment lists 142 companies, according to Krutzfeldt, including several big companies that reported attacks, such as German postal company Deutsche Post AG and Delta Airlines Inc.
Although security experts estimate the damages caused by the worm to be in the millions of dollars, Krutzfeldt said the indictment lists an amount of around $155,000.
At the time of his arrest in May 2004, Jaschan confessed to creating the computer worm and several variants of the Netsky virus. He was arrested at his family's home in Waffensen, Germany, after Microsoft Corp. received a tip from an informant seeking a reward from the software company.
Sasser, a self-executing piece of software code, exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. The worm scanned the Internet searching for vulnerable computers.
Although Microsoft had already released a software patch, MS04-011, to plug the LSASS hole, many companies and individuals had not installed it in time to prevent the Sasser worm from affecting their systems.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- The cloud: inevitable, but not ubiquitous It's an age old question for those considering cloud: where do I start? But with all the hype surrounding the cloud, that's not...
- Integrating security with HP TippingPoint This white paper discusses the components and configuration requirements to implement an Intrusion Prevention System (IPS) for CloudSystem Enterprise.
- Leveraging the Cloud for Dev/Test This video discusses some of the key considerations that IT organizations should take into account when moving test and development projects to the...
- A Secure Cloud for Development and Testing Environments This video shows the benefits of hosting your development and testing environments in the Enterprise Cloud Services - Virtual Private Cloud. All Malware and Vulnerabilities White Papers | Webcasts