Mounties charge teenage virus suspect

The Royal Canadian Mounted Police have laid charges against a 16-year old Canadian in connection with the Randex worm.

Munir Kotadia Special to CNET News
2 min read
The Royal Canadian Mounted Police have charged a teenager in connection with a worm that could be used to create an army of zombie computers for delivering spam.

The 16-year-old from the Mississauga, Ontario, area faces several charges, including mischief against data and fraudulent use of a computer. The RCMP's Integrated Technological Crime Unit says the charges are related to distribution of the Randex worm.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The charges were issued earlier this month, but the police agency made the news public on Wednesday.

Randex and its variants contain a list of commonly used passwords used to hack into Microsoft Windows-based systems. The worm originally spread via Internet relay chat (IRC) and file-sharing networks such as Kazaa and LimeWire, but it has been modified to automatically replicate in a way similar to the Sasser and MSBlast worms. Once Randex infects a computer, that system can be controlled by spammers through an IRC client.

This kind of "malware," or malicious program, causes real harm by allowing hackers to use the infected computer for "whatever twisted purpose they desire," said Graham Cluley, a senior technology consultant for antivirus software maker Sophos. These could include disruption of communications and theft of sensitive data.

"They could read your confidential files, steal data, or launch thousands of spam messages from your computer," Cluley said.

The arrest comes just weeks after German police moved in on two groups of youths in connection with the Sasser worm and the Phatbot Trojan.

The Randex virus infected about 9,000 computers, the RCMP said. That's modest in comparison with worms such as MSBlast, but it still could have opened the way to more serious distributed denial-of-service (DDOS) attacks.

"This is not something to be made light of," said Sgt. George Wiegers of the Integrated Technological Crime Unit.

Munir Kotadia of ZDNet UK reported from London.