German Teen Confirms He Created the Sasser Worm

DUSSELDORF, GERMANY -- German teenager Sven Jaschan confessed at his trial on Tuesday to creating last year's Sasser computer worm that crashed hundreds of thousands of computers worldwide after spreading at lightning speed over the Internet.

Jaschan's admission is a reiteration of the confession he made last year when he was arrested. He is on trial in the city of Verden, Germany, where he faces charges of computer sabotage, data manipulation, and disruption of public systems.

The 19-year-old admitted to the alleged offenses "in every detail," Verden District Court spokesperson Katharina Krutzfeldt said in a telephone interview.

The charges carry a maximum sentence of five years in prison but Krutzfeldt said that Jaschan, who was 17 and a minor at the time of his arrest, will face a lesser penalty. The penalty could be a warning or some form of public service work, but also confinement in a juvenile detention center.

For a full examination of how the Sasser worm worked, see PC World's story "Biography of a Worm."

Civil Lawsuits Possible

Jaschan could also face civil lawsuits brought against him by companies whose IT systems were infected by the computer worm, according to Krutzfeldt. "This is a possibility that could happen after his trial in Verden," she said.

The indictment lists 142 companies, according to Krutzfeldt. It includes several big companies that reported attacks, including the German postal company Deutsche Post and Delta Airlines.

Although security experts estimate the damages caused by the worm to be in the millions of dollars, Krutzfeldt said the indictment lists an amount of around $155,000.

Background

At the time of his arrest in May 2004, Jaschan had confessed to creating the computer worm and several variants of the Netsky virus. He was arrested at the family's home in Waffensen, Germany, after Microsoft received a tip from an informant seeking a reward from the software company.

Sasser, a self-executing piece of software code, exploited a hole in a component of Windows called the Local Security Authority Subsystem Service, or LSASS. The worm scanned the Internet in search of vulnerable computers.

On April 13, Microsoft had released a software patch, MS04-011, which plugs the LSASS hole, but many companies and individuals had not installed it in time to prevent the Sasser worm from affecting their systems.

Subscribe to the Security Watch Newsletter

Comments