Sign Up: Free Daily Tech E-letter  
Technology Home
Tech Policy
Government IT
Personal Tech
Special Reports


Canadian Authorities Charge 'Randex' Author


Attack Knocks Major Web Sites Offline (The Washington Post, Jun 16, 2004)
Attack Blocks Access to Popular Web Sites (, Jun 15, 2004)
Free Desktop Firewalls Do Help, Expert Says (The Washington Post, Jun 10, 2004)
More Security News

E-Mail This Article
Print This Article
Permission to Republish
By Brian Krebs Staff Writer
Friday, May 28, 2004; 12:42 PM

Canadian authorities yesterday announced that they have charged a 16-year-old youth with creating and unleashing the "Randex" worm, a malicious computer program that security experts say is a tool spammers can use to hijack infected computers.

The Royal Canadian Mounted Police said the Mississauga, Ontario, youth -- whose name is not being released because of his age -- used online file-sharing networks like Kazaa and LimeWire to distribute the worm. The charges were filed on May 7 in London, Ontario.

Randex is a type of "Trojan horse" program, so-called because it surreptitiously gives attackers total control over infected computers. The youth allegedly used Randex to seize control of at least 9,000 computers running versions of Microsoft's Windows operating systems. The infected machines were used to relay spam messages and to spread the worm to other computers, according to George Wiegers, a member of RCMP's technology crimes unit.

Mikko Hypponen, director of antivirus research at Finnish antivirus company F-Secure, said researchers in Germany and the United Kingdom found that lists of computers infected with Randex were being sold to spammers on the Internet black market. Large portions the computer code for Randex also served as the foundation for "SDbot," a widespread family of Trojan horse programs that turn infected computers into spam relays, Hypponen said.

"This is really one of the first arrests where there's a clear, undeniable path between virus writers and spammers," Hypponen said.

Toni Koivunen, a Finish software designer, told that he tipped off Canadian authorities to the identity of Randex's author. Canadian investigators would not confirm Koivunen's assertion, saying only that they were tipped off to the Randex author's identity by an independent investigator.

Koivunen said he began looking for Randex's author in February when he discovered that a friend's computer was infected with it.

"I really don't have too much sympathy for these virus writers," he said.

If convicted, the Canadian youth could face fines and a sentence of up to 10 years in jail.

The Randex case comes just weeks after authorities in Germany arrested an 18-year-old man who admitted to releasing "Sasser," a worm that has infected millions of computers vulnerable to a recently discovered Microsoft Windows security flaw.

In Taiwan this week, the Associated Press reported that a computer engineer was arrested on suspicion of creating and releasing the "Peep" Trojan, which investigators said was used to steal data from hundreds of Taiwanese schools, companies and government agencies. Last September, U.S. authorities arrested an 18-year-old Minnesota student suspected of releasing a variant of the destructive "Blaster" worm. Home

© 2004 Washingtonpost.Newsweek Interactive

Company Postings: Quick Quotes | Tech Almanac
About | Advertising | Contact | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication