GERMANY Police find Sasser worm's source on computer

Four variants of the Sasser worm are still out there.
KNIGHT RIDDER NEWSPAPERS
BERLIN -- In the end, police discovered the source of the Sasser computer worm, which in recent days shut down Finnish banks, the British Coast Guard and millions of computers worldwide, in the homemade computer of an 18-year-old kid.
Acting on a tip from software giant Microsoft, police raced Friday into the northern German village of Waffensen, near Bremen, to search the home of a technical school student-programmer and hacker. By Saturday, the student had confessed, experts had reviewed seized materials and the case was seen as a wrap.
"We found the source code on a computer he had made by himself," said Frank Federau, spokesman for the police. "He was arrested for a while, and we talked to him. Now he is back home again. We believe the case is solved."
Worm still out there
Police declined to name the young man, whose four variants of the Sasser worm are still out there and are expected to cause damage for some time.
Microsoft Chief Counsel Brad Smith said the creation of the Sasser worm illustrates a growing problem with a new wave of hackers who share tricks online and exploit the software weaknesses that Microsoft reveals when it offers patches to users to fix the problems.
"This is a fellow in a technical college, experienced with computer code, and he used his expertise to do harm rather than good," he said.
The Sasser worm appeared 18 days after Microsoft posted a patch to fix a flaw. It got computers whose users had failed to install the patch.
Suspect gives motive
According to German police, the young man said he hadn't set out to create a computer virus. Rather, he said he set out to create an anti-virus that would wipe out Netsky A and some other well-known computer viruses.
"He said Sasser emerged as a modification of Netsky A," police spokesman Detlef Ehrinke said in an official statement Saturday. "He said he didn't give much thought to the consequences of what he had created."
Sasser, which first showed up April 30, preyed on Microsoft Windows XP, 2000 and NT operating systems, especially on personal computers.
Police, Microsoft officials and news reports indicate that Sasser was among the half dozen costliest computer-cripplers ever.
In the case of 19 infected British Coast Guard stations, sailors were forced to return to paper maps and pens -- although officials noted that Sasser did not affect any rescue operations.
Informants
Microsoft's Smith said German informants drawn by the company's anti-virus reward program gave company experts all they needed to build a technical case. The program has offered rewards of up to $250,000 in past hacker cases, and the company told the informants that they would be eligible for a reward after a conviction.
Microsoft's techies tipped off German police, who executed a search warrant.
"We believe the evidence was overwhelming," Smith said.
Criminal hacking can carry a prison term of up to five years In Germany.