The Randex worm and its variants contain a list of commonly used passwords used to hack into Windows systems. The worm originally spread via IRC and file-sharing networks such as Kazaa and LimeWire but has been modified to automatically replicate in a similar way to the Sasser and MSBlast worms. Once Randex infects a computer, that system can be controlled by spammers through an Internet Relay Chat (IRC) client.
This kind of malware causes real harm by allowing hackers to use the infected computer for "whatever twisted purpose they desire", including disruption of communications and theft of sensitive data, said Graham Cluley, senior technology consultant for Sophos.
"They could read your confidential files, steal data, or launch thousands of spam messages from your computer," he said.
The arrest comes just weeks after German police moved in on two groups of youths in connection with authoring the Sasser worm and the Phatbot Trojan.
The Mounties were tipped to the Randex author's whereabouts by Toni Koivunen -- an IT security hobbyist who had been tracking the worm for several months.
Mikko HyppÃƒÂ¶nen, director of antivirus research at Finnish firm F-Secure, was also contacted by Koivunen in February to discus the possible whereabouts of the author. "He was in touch with the RCMP in late February and it seems his leads finally helped them arrest the guy," HyppÃƒÂ¶nen said.
Koivunen admitted that he tipped off the Canadian police but would not comment further at this time.