Laatste nieuws

Author Caught, Worm Still at Large

May 2004

Swen Jaschan alone, after all

A new variant of Sasser reached BitDefender Labs today. Sasser.F was compiled and released after the author of Sasser.A was arrested, prompting speculation that the author may either have distributed the source code or not been alone in creating the malware.

The new variant has the mutex name changed to "billgate", probably as a reaction to the aid given to German police by Microsoft workers.

"It is definitely a patched version of Sasser.A. Whoever released this had no access to the source code. I think the "VX team" theory is pretty much shot down in flames at this point." declared Sorin Victor Dudea, Head of Virus Research at BitDefender Labs.

The new facts discovered by BitDefender Labs have persuaded the media to put the theory to rest

A more detailed writeup on the worm code and capabilities can be found here.
