The Royal Canadian Mounted Police have charged a teenager in connection with a worm that could be used to create an army of zombie computers for delivering spam.
The 16-year-old from the Mississauga, Ontario, area faces several charges, including mischief against data and fraudulent use of a computer. The RCMP's Integrated Technological Crime Unit says the charges are related to distribution of the Randex worm.
The charges were issued earlier this month, but the police agency made the news public on Wednesday.
The Randex worm and its variants contain a list of commonly used passwords used to hack into Windows systems. The worm originally spread via IRC and file-sharing networks such as Kazaa and LimeWire but has been modified to automatically replicate in a similar way to the Sasser and MSBlast worms. Once Randex infects a computer, that system can be controlled by spammers through an Internet Relay Chat (IRC) client.
This kind of malware causes real harm by allowing hackers to use the infected computer for "whatever twisted purpose they desire", including disruption of communications and theft of sensitive data, said Graham Cluley, senior technology consultant for Sophos.
"They could read your confidential files, steal data, or launch thousands of spam messages from your computer," he said.
The Mounties were tipped to the Randex author's whereabouts by Toni Koivunen -- an IT security hobbyist who had been tracking the worm for several months.
Mikko Hyppönen, director of antivirus research at Finnish firm F-Secure, was also contacted by Koivunen in February to discuss the possible whereabouts of the author. "He was in touch with the RCMP in late February and it seems his leads finally helped them arrest the guy," Hyppönen said.
Koivunen admitted to ZDNet UK that he tipped off the Canadian police but would not comment further at this time.
The Randex virus infected about 9,000 computers, the RCMP said. That's modest in comparison with worms such as MSBlast, but it still could have opened the way to more serious distributed denial-of-service (DDOS) attacks.
"This is not something to be made light of," said Sgt George Wiegers of the Integrated Technological Crime Unit.