To no one's surprise, 19-year-old Sven Jaschan today admitted in a German court that he created the Sasser worm, which infected millions of computers worldwide by scanning randomly selected IP addresses for vulnerable systems. Despite his confession, his trial continues this week under German law, which does not allow defendants to enter formal pleas.
Various news reports say Jaschan provided a detailed account of his creation during a closed hearing in Verden, Germany. He's on trial for data manipulation, computer sabotage and interfering with public corporations. Though millions of machines were infected across the globe, this case involves three victimized German city governments and a broadcasting station, according to the Associated Press.
Sasser is regarded as one of the most damaging (and most recent) major malware outbreaks in recent years, rapidly spreading through networks by using the Internet, rather than e-mail, to find exploitable systems that had yet to patch a flaw in Microsoft's Local Security Authority Subsystem Service (LSASS), a required system file. He also was the first virus writer to be turned in by informants as part of Microsoft's bounty program.
The German teen made headlines again after his arrest when he was offered a job with security provider Securepoint Inc., whose executives said the talented teen deserved another chance to use his skills legitimately. Some in the security community expressed outrage at the hire, while others familiar with Jaschan's story said his poor judgment and youthful mistake should not prevent him from gaining employment.
Shortly after his arrest, Jaschan told the German magazine Stern he created Sasser to gain approval from peers. Described as a shy vocational school student with few friends, Jaschan quickly gained popularity when classmates discovered he was behind the Netsky worm and some of its variants, which he told reporters he released to counter Bagle and Mydoom worms circulating worldwide. "They even encouraged me to add something that would cause damage, but that was never what I wanted," he told the magazine.
In April 2004, Jaschan released Sasser, which rapidly struck businesses and government agencies worldwide, including Goldman Sachs, British Airways and the United Kingdom's Coast Guard. The swift proliferation benefited from vast numbers of networks that had yet to install a problematic Microsoft security update released just 18 days earlier. The mounting damage and pursuit by law enforcement spooked the youth, who lived in the tiny village of Brem, and he said he then vowed to friends to stop writing malicious code. He also erased parts of his computer's hard drive and encrypted files holding viral source code. One of those schoolmates turned Jaschan in, hoping to claim $250,000 in bounty money from Microsoft.
In turn, after Jaschan's arrest during a police raid of his mother's home, the teen provided authorities with the password to his files and the names of several accomplices. He then publicly admitted to his crime.
Public opinion remains divided on Jaschan's punishment, which could come as soon as Thursday and include up to five years in prison and repayment of $154,000 in damages reported by the four German victims. Some say a severe penalty should be imposed to send a message to others malware authors. Others are more sympathetic to the friendless teen's plight and believe, despite the damage his code caused, that prison is not the answer.
"I'm not sure what the point of jailing him would be," Graham Cluley, senior technical consultant for antivirus vendor Sophos, told ZDNet. "They should give him community service and a big fine."