Sasser Worm Author Convicted…
But he only gets a suspended sentence of 21 months and is ordered to do 30 hours of community service - meaning he will walk free!
Here’s a quote from one of the reports:
“Sven Jaschan, 19, was found guilty of computer sabotage and illegally altering data, said Katharina Kruetzfeld, a spokeswoman for the court in the northwestern town of Verden.”
Jaschan admitted creating the worm at the start of the trial on Tuesday the 5th July.
He was arrested back in May 2004 “sitting at his computer” at his home in the small northern German town of Waffensen after Microsoft received a tip-off from an informant seeking the reward of $250,000 that they were offering for information on those responsible for Sasser.
Sasser exploited a flaw [vulnerability] in the Windows 2000 and Windows XP operating systems. On its release date of the 1st of May 2004 it started to infect systems and spread to other systems which had not been patched.
Microsoft had released a patch for this loophole on the 13th of April 2004 and an updated patch on the 28th of April 2004; however, many companies at that time took on average 2-4 months to test new patches before deploying them to fix vulnerable systems.


Windows error messages displayed when a system became infected by Sasser.
According to the news item: “Authorities who questioned Jaschan said they got the impression his motive was to gain fame as a programmer.” He got infamy instead and was offered a job at a security software company.
SecurePoint employed Jaschan, the [now convicted] creator of a number of Netsky variants [many of which were quite destructive] and Sasser, as a trainee software developer, working on the company's firewall products. Would you buy a firewall from this company, knowing a self-confessed virus author may have had a hand in it?
As I mentioned before in my rant on this very blog back in November last year:
“What sort of message is being given out by the current trend of a small minority of security firms who seem to be going out of their way to actively seek out and employ virus writers and ex-virus writers?”
I think that some elements in society see malware authors as some form of glorified digital freedom fighters, talented programmers or uber geeks… when in reality they are nothing more than criminals and should be treated as such!
This quote from Graham Cluley of Sophos clearly shows that Jaschan’s creations are a real threat: “Even a year after his arrest, it is more likely that you will be infected by a worm written by Sven Jaschan than any other virus author”.
The sentence he has received is well short of the maximum sentence of five years in jail that a conviction of computer sabotage carries under German law.
What do you think, both on his level of sentencing and his working for a company that makes security software?
Links:
http://news.bbc.co.uk/1/hi/technology/4659329.stm
http://www.sophos.com/virusinfo/articles/sasserfree.html

