December 3, 2003
(IDG News Service)
Police in Spain yesterday arrested in Madrid a 23-year-old man suspected of being the author of the W32/Raleka worm which infected more than 120,000 computers in August.
The Raleka worm operated in a similar way to the Blaster worm, both exploiting the critical Windows RPC Service vulnerability in versions of Microsoft Corp.'s Windows 2000 and XP operating systems. Infected machines could then be used to mount further remote attacks.
According to the Web site of the Guardia Civil police unit, the arrested man used the nickname 900K and was the leader of a group of hackers called Akelarre. The man's name was not released.
A technical investigation of the virus enabled police to track down the Akelarre group and make the arrest and impound eight computers, the Guardia Civil said.
This is the first arrest of a suspected virus author in Spain, showing that antivirus efforts are improving, according to security vendor Sophos PLC.
"Computer crime authorities around the world are now more equipped at hunting down the perpetrators of hacking and virus crimes," said Graham Cluley, senior technology consultant for Sophos in a statement. "Virus writers should be asking themselves whether it's really worth taking the risk."