German teenager indicted over Sasser worm

IDG News Service - Prosecutors in Verden, Germany, indicted an 18-year-old student yesterday for allegedly creating the Sasser worm, which crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet.
In their 77-page indictment, prosecutors in the northern German town charged the suspect, Sven Jaschan, with computer sabotage, data manipulation and disruption of public systems.
Informants, seeking a $250,000 reward from Microsoft Corp., tipped off the U.S. software giant to Jaschan. He was arrested on May 7 after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers (see story). After developing several versions of Netsky, he created Sasser, according to the officials.
Sasser didn't require users to receive an e-mail message or open a file to be infected. Instead, just having a vulnerable Windows machine connected to the Internet was enough to get infected.
Sasser exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. On April 13, Microsoft had released a software patch to plug the LSASS hole, but many companies and individuals hadn't installed it in time to prevent the Sasser worm from affecting their systems.
The indictment papers list 173 witnesses. Prosecutors said 143 victims had filed charges, claiming damages of $158,000.
But because many businesses and individuals seldom report such damages, the actual figure could be in the millions of dollars, a spokesman at the Verden prosecutors' office said.
Computer sabotage carries a maximum sentence of five years, according to the spokesman. "But considering that this young person had no previous criminal offenses, a five-year sentence is illusionary," he said.
A date for the trial has yet to be set, the spokesman said.