Swedes detain Ganda worm suspect

Swedish police have taken custody of a man accused of writing the Ganda worm, which tricked users into launching its payload by promising spy satellite images of Iraq

Swedish police have detained a man suspected of writing the Ganda worm, which played on public interest in the current Iraq conflict to spread a dangerous payload.

The worm did not spread to many computers when it appeared last week, but attracted attention because of the gimmick it used to trick readers into launching the attachment, promising "pictures taken by one of the US spy satellites during one of its missions over Iraq" and other war-related files.

However, the worm's code also contained an unsubtle message that police said helped them track down their suspect: "Coded by Uncle Roger in Haernoesand, Sweden, 03.03. I am being discriminated by the Swedish school system. This is a response to eight long years of discrimination. I support animal-liberators worldwide."

The suspect was found in Haernoesand, a town 400 kilometres north of Stockholm, police spokesman Torbjoern Ull told Swedish newspapers on Tuesday. Police raided the suspect's home on Friday and he later confessed to creating Ganda. The case is Sweden's first involving a virus writer.

The man was not arrested, but will be charged with computer trespassing and inflicting damage, according to the daily newspaper Aftonbladet.

Attackers commonly use "social engineering" tactics to lure computer users into danger; the Loveletter worm, one of the most destructive ever, posed as a Valentine message. "Virus writes will use any occasion that they think will work on computer users, no matter how sick -- be it the attack on the World Trade Centre or the war with Iraq," said Jack Clark, product manager at McAfee, in an earlier interview. "They are just looking for attention and will use anything that will guarantee them media attention."

Silicon.com's Will Sturgeon contributed to this report.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.