An apparently simple error led a 20-year-old computer expert
to turn himself in to police late Tuesday - he confessed to
Dutch police that he was the author of the Anna Kournikova
virus that has been plaguing unprotected PC users since
Monday, authorities say.
Sources familiar with the case say that the FBI and
Interpol had traced the original upload of the Visual Basic
virus, which used encryption techniques to hide itself, to
an Excite@Home subscriber account in the Netherlands.
The trace was made within a matter of hours of the
investigation starting by the FBI Tuesday.
Investigators had been expecting the virus author to use
one of the many anonymous e-mail servers and IP (Internet
protocol) data stream rerouters to cover his/her tracks, but
they got lucky - the author apparently did not expect to be
caught.
The 20-year-old, whose name cannot be given for legal
reasons, is from Friesland in the north of the Netherlands
and is thought to be a student.
Reports suggest that he turned himself in when he
realized the problems his virus was causing, as well as the
fact that Dutch police were hot on his trail.
F-Secure, the first IT security company to break the news
of the Kournikova virus on Monday, said this afternoon that
Atremo AB, its partner in Sweden, was able to assist the FBI
in tracking down the location of the Dutch programmer.
Atremo's staff handed the details over to the FBI's European
staff.
Atremo says that it was able to track down the man using
his IP address, which was left in various messages Tuesday
in Usenet newsgroups.
Chris Vargas, F-Secure's president, said that server
systems around the world were slowed down or similarly
impacted as the virus flowed across the Internet.
"As a result of this irresponsible conduct, many
e-mail servers were shut down, leading to a decrease in
productivity, a slowdown in customer service, and other
unknown impacts," he said.
F-Secure says that the escapade appears to have been a
misguided attempt to demonstrate that many people have
ignored dire warnings of the past and failed to install
antivirus software on their PCs.
F-Secure's Web site is at http://www.f-secure.com/
.
Sophos' Web site is at http://www.sophos.com/
.