Sasser author gets suspended sentence

update A German judge on Friday handed down a suspended sentence of one year and nine months to the teenager who admitted he created last year's Sasser computer worm.

In addition, 19-year-old Sven Jaschan has to complete 30 hours of community service while on probation, the court in Verden, Germany, said in a statement. The probationary period is three years. Jaschan will have to fulfill the community service part of his sentence in a retirement home or a hospital, the court said.

Jaschan was found guilty on four counts of altering data and three counts of computer sabotage. The sentence marks one of few successful prosecutions of a virus writer. Authors of malicious code have typically proved difficult for law enforcement to track and catch.

During his trial, Jaschan admitted to charges of data manipulation, computer sabotage and interfering with public corporations. The trial started Tuesday and ended Friday. It was held behind closed doors because Jaschan was a minor at the time of the crime.

The Sasser worm and its six known variants started spreading in May 2004 and compromised hundreds of thousands of computers running the Windows operating system. Sasser exploited a flaw in the Windows 2000 and Windows XP operating systems and caused PCs to crash and reboot.

The suspended sentence was expected. In closing arguments on Thursday, prosecutors asked for a two-year suspended sentence with a three-year probation period. Jaschan's defense argued for a one-year suspended sentence.

Worm tracks
The teenager carefully planned the launch of the Sasser worm and released variants that would spread faster, maximizing the damage, the court found. The damage was immense and only a fraction of the total damage could be determined during trial, the court said.

Still, Jaschan's actions were typical of those of an isolated, troubled youth and not carried out for commercial gain, the court said. Jaschan created the worm in search of some form of acknowledgement from his peers, it found.

Jaschan, a resident of the town of Waffensen, was arrested in May last year after Microsoft received a tip from an informant seeking a $250,000 reward.

The Sasser case is the only success so far for Microsoft's Anti-Virus Reward Program, which was launched in November 2003. The program has offered a total of $1 million to informants who help close official investigations into four major viruses and worms, including Sasser, and has another $4 million earmarked for future rewards.

Microsoft has not disclosed the identity of the informants in the Sasser case, but the software giant said Friday it will pay the reward money to two individuals who helped identify the worm's author. They will share the $250,000.

"It has been important and gratifying to collaborate with and support law enforcement in this case," Nancy Anderson, Microsoft general counsel, said in a statement. "We're glad to provide a monetary reward to those individuals who provided credible information that helped the German police authorities."

Under the program rules, informants cannot be involved in the crime and need to provide information that leads to the conviction of the suspect.

According to Microsoft's Web site, rewards of $250,000 can still be collected for information that leads to the arrest and conviction of those responsible for launching the MyDoom.B worm, the Sobig virus and the MSBlast.A worm, which is also known as Blaster.

CNET News.com's Dawn Kawamoto contributed to this report.

[aabcdefghij987654321]

Lame, LAME, VERY LAME!

The kid causes millions of dollars in damages to computers and networks worldwide, releases his code to others who have continued to write variants which still plague the net today and yet the prosecutors ask for a short suspended sentence and the judge gives an even shorter one? Not to mention the idiots at the company which hired this kid.

Don't they have a clue? Do they understand they just said to all the like minded idiots all over the world that it's cool to write viruses because there's no real penalty for authoring such evil and there are definite rewards (such as the job)?

How many more lame brained prosecutions and judgements are we going to have to see before we see a real prosecution followed by a judgement which says "This is not ok"?

Who caused millions of dollars in damage?

I take a little exception with the above comment. While it is true
that this lad's handy work did some serious damage, I'd actually
argue that Microsoft caused the loss of millions of dollars in
productivity. Had it not been for the intrinsic uselessness of
Windows, there would have been nothing to take advantage of.
Those of us on a Linux / Mac network experienced no slowdown
or loss of productivity (perhaps there was even an increase since
we couldn't surf the web!).

I think I have to agree with News here..

I'm about as ticked off at MS as the next guy for being able to market an incredibly insecure OS to dominance. However, if you think realistically about the havoc that was caused with some services that are considered critical (transportation communication and maritime navigation) its not such a short (or radical)step to understanding that one day this "mischief" could kill someone, or perhaps, numbers of people.

Before that, or some other unfortunate tragedy is caused by what others apparently consider a trifle, those who create them need incentive to weigh carefully the legal penalties for their activity. That won't happen as long the penalties are insignificant.

This wasn't some "dumb kid." He was smart enough to exploit a vulnerability in code and create a worm that didn't need user intervention beyond a connection to the net. Don't tell me he wasn't smart enough to extrapolate to the potential of his act. It goes beyond gross irresponsibility to criminal behavior. Think I'm being to hard on him? I don't know...

[aabcdefghij987654321]

Lame, LAME, VERY LAME!

The kid causes millions of dollars in damages to computers and networks worldwide, releases his code to others who have continued to write variants which still plague the net today and yet the prosecutors ask for a short suspended sentence and the judge gives an even shorter one? Not to mention the idiots at the company which hired this kid.

Don't they have a clue? Do they understand they just said to all the like minded idiots all over the world that it's cool to write viruses because there's no real penalty for authoring such evil and there are definite rewards (such as the job)?

How many more lame brained prosecutions and judgements are we going to have to see before we see a real prosecution followed by a judgement which says "This is not ok"?

Who caused millions of dollars in damage?

I take a little exception with the above comment. While it is true
that this lad's handy work did some serious damage, I'd actually
argue that Microsoft caused the loss of millions of dollars in
productivity. Had it not been for the intrinsic uselessness of
Windows, there would have been nothing to take advantage of.
Those of us on a Linux / Mac network experienced no slowdown
or loss of productivity (perhaps there was even an increase since
we couldn't surf the web!).

I think I have to agree with News here..

I'm about as ticked off at MS as the next guy for being able to market an incredibly insecure OS to dominance. However, if you think realistically about the havoc that was caused with some services that are considered critical (transportation communication and maritime navigation) its not such a short (or radical)step to understanding that one day this "mischief" could kill someone, or perhaps, numbers of people.

Before that, or some other unfortunate tragedy is caused by what others apparently consider a trifle, those who create them need incentive to weigh carefully the legal penalties for their activity. That won't happen as long the penalties are insignificant.

This wasn't some "dumb kid." He was smart enough to exploit a vulnerability in code and create a worm that didn't need user intervention beyond a connection to the net. Don't tell me he wasn't smart enough to extrapolate to the potential of his act. It goes beyond gross irresponsibility to criminal behavior. Think I'm being to hard on him? I don't know...

A year and a half is plenty.

A young, good looking kid in the slammer for a year and a half? Never been in prison myself, but from what I hear, a lot of very bad things could happen to a kid like that in a year and a half in prison.

Besides, obviously the kid authored the virus, but it's not soley his fault that it caused so much damage.

It's also Microsoft's.

[aabcdefghij987654321]

It is solely his fault

This kid didn't have to create a virus, he did so deliberately. Burglers don't have to break into your house and steal your stuff either, they do so deliberately. Obviously it's not your fault, even if you failed to completely lock down your house. If you can't tell the difference then you're just being deliberately ignorant.

BS

10 years in prison isn't long enough.

This jack*** caused millions of dollars in damages and even more in pursuing and prosecuting him and he get away with probation? Even people caught pirating music have been penalized a lot more than this and caused far less damage.

What a joke.

[Michael Grogan]

A year and a half might be enough..

...if he actually had to serve it. He doesn't. He has to wait a year and a half before he writes another or risk serving it. All he has to do is 30 hours of community service. Less than a work week. I'm sure he's learned a VERY valuable lesson - along with all the other jerks like him. We should expect a large resurgence in virii written for purely malicious reasons after this pathetic sentence.

[Jim Harmon]

Not solely his fault?

And I suppose it's Ford's fault <mfr picked at random> that their windsheild breaks when a kid drops a cinder block on it from an overpass???

Nothing on this earth is perfect. Someone wanting to be malicious will be able to find a way, no matter what precautions are taken.

[qazwiz]

Fair as far as I've heard

Here in the USA the community service might have been 300 hours instead of just 30 but from the bits and pieces I've heard of this case I expected the suspended sentence.... which can be reinstated if the defendant gets into trouble in the, what is it a year and a half, or whatever

so there is a 19 year old who is about get a bunch of job offere for computer security/anti-hacking jobs

[qazwiz]

Fair as far as I've heard

Here in the USA the community service might have been 300 hours instead of just 30 but from the bits and pieces I've heard of this case I expected the suspended sentence.... which can be reinstated if the defendant gets into trouble in the, what is it a year and a half, or whatever

so there is a 19 year old who is about get a bunch of job offere for computer security/anti-hacking jobs

A year and a half is plenty.

A young, good looking kid in the slammer for a year and a half? Never been in prison myself, but from what I hear, a lot of very bad things could happen to a kid like that in a year and a half in prison.

Besides, obviously the kid authored the virus, but it's not soley his fault that it caused so much damage.

It's also Microsoft's.

[aabcdefghij987654321]

It is solely his fault

This kid didn't have to create a virus, he did so deliberately. Burglers don't have to break into your house and steal your stuff either, they do so deliberately. Obviously it's not your fault, even if you failed to completely lock down your house. If you can't tell the difference then you're just being deliberately ignorant.

BS

10 years in prison isn't long enough.

This jack*** caused millions of dollars in damages and even more in pursuing and prosecuting him and he get away with probation? Even people caught pirating music have been penalized a lot more than this and caused far less damage.

What a joke.

[Michael Grogan]

A year and a half might be enough..

...if he actually had to serve it. He doesn't. He has to wait a year and a half before he writes another or risk serving it. All he has to do is 30 hours of community service. Less than a work week. I'm sure he's learned a VERY valuable lesson - along with all the other jerks like him. We should expect a large resurgence in virii written for purely malicious reasons after this pathetic sentence.

[Jim Harmon]

Not solely his fault?

And I suppose it's Ford's fault <mfr picked at random> that their windsheild breaks when a kid drops a cinder block on it from an overpass???

Nothing on this earth is perfect. Someone wanting to be malicious will be able to find a way, no matter what precautions are taken.