Know thy enemy: Netsky/Sasser author speaks

comment Which is worse: people who write viruses or friends and kin who know but didn't bother to stop them?
Written by Staff , Contributor and  Robert Vamosi, Contributor
comment I'm often asked who writes computer viruses. The stereotype is of an antisocial, unathletic male loner sitting in a basement late at night.
But Sarah Gordon, virus writer profiler for Symantec Corporation, has written that the typical teenage virus writer is more than likely to be the typical boy next door, with a girlfriend and often on good terms with his parents.
There have also been several female virus writers. A recent profile in the New York Times Magazine sheds further light on the once-secret daily lives of a diverse gang of virus writers.
Perhaps the most revealing look inside the virus-writing culture, however, comes from an exclusive interview with the self-confessed author of Netsky and Sasser, Sven J. Published in Stern magazine (and available only in German), Sven's actions sound suspiciously naive, more like some drugstore confession-magazine plot than a craven attempt to take over the free world. Thus his "innocent kid looking to do something good and finding himself caught up in something really bad" defense just doesn't ring true, especially after he admits to releasing 29 variations of Netsky, and at least 3 variations of Sasser. If Sven J. ends up spending some time in jail because of his activities, I say, so be it.
The author speaks
According to the Stern interview, Sven J., 18, started writing computer viruses only recently, in January of 2004, after he became fascinated with the MyDoom worm, which failed to shut down Microsoft's Windows Update site but later succeeded in shutting down SCO Linux's home page. It was around this time that Sven asked a friend if they could create something that would spread more quickly and wipe MyDoom from infected PCs.
First of all, the idea of a "helpful" virus is not new. Secondly, any virus that seeks to remove other malware from an infected computer is still, by definition, a virus. Back in 2001, Code Blue attempted to remove Code Red infections. And last year, the Nachi worm attempted to undo the effects of MSBlast; unfortunately, the Nachi worm contained errors (such as the inability to distinguish between Windows 2000 and Windows XP systems) and ended up causing a lot of damage. Any code from the outside that enters your computer and changes something without your consent is a violation, if not of your privacy, then of your computer, at least. Apparently, Sven J. is so new to the virus-writing scene that he just didn't know this.
The Stern interview captures several of these "gosh, wow" moments, such as Sven's admission that he wrote the code that could later become Netsky in the basement with his stepfather, a man who repairs PCs for a living, sitting on the other side of a wooden partition, or when Sven tells of watching the evening news and seeing his own Netsky virus mentioned, or when he hears the name Netsky and thinks its a nice name for his virus (viruses are named by antivirus experts, not the virus authors). Or when antivirus experts--me included--publicly wonder if Russian text found within Netsky implies East European programmers. "We died laughing," he grins, according to Stern.
But Sven's repeated claims of innocence and remorse fall on deaf ears after he says, "I once wrote five variants in one week...I did not do anything else." In addition to writing 29 variations of Netsky, Sven has admitted to writing a couple of variations of the Sasser worm, including the original.
I am not impressed with Sven's public mea culpa nor with his heartbreaking tale of betrayal by one of his friends. Virus writers are often exposed through carelessness, such as bragging of their exploits on IRC, or by putting a link to their own Web site, as Jeffrey Lee Parson did in MSBlast.b. Sven J. is no different.
What really scares me, though, is that so many people apparently knew of his activities yet did nothing to stop him early on. Apparently his brothers and sisters, even his classmates at the vocational school for computer science in Rotenburg, Germany, all knew what he was doing. Only after Microsoft offered $250,000 did one of his classmates, the friend he originally asked to help craft the antiworm virus, turn him in.
While specific charges are pending (German authorities are currently building their case), Sven has returned to his vocational school, sitting in classes with the very friend who betrayed him. He wonders how he will pay for all the damages should anyone file a claim against him. He wants to work for a computer security software company and concludes, "I hope sometime to be able to live a totally normal life."
Editorial standards