Creator of ‘Onthefly’ Worm Identified

Dutch privacy laws prevent local authorities from releasing the identity of the author of the “Onthefly” email worm, but an investigation by InternetNews Radio reveals all roads lead to the Anna Kournikova fan Web site of Jan Dewit.

Information from newsgroups and Web postings helped to piece together the identity of the 20-year-old man, who admitted to police that he created the Anna worm, which infected Internet users around the world Monday.

Dewit maintained an Anna Kournikova fan site at the Tripod home-page service, the same service he was used Tuesday to post an online confession under one of his many online nicknames, OnTheFly. In the confession, OnTheFly said he created the worm around Kournikova because he’s a big fan of the Russian tennis star.

At his Kournikova site, Dewit reveals that he lives in Sneek, the same town in northern Holland where police arrested the unidentified man.

Dewit was not very careful about covering up his tracks online. Using the nickname OnTheFly and an [email protected] account in the Netherlands, Dewit in recent weeks has posted several messages to virus newsgroups, including one that included the source code to another virus, which he named the Iwa Virus.

He also used that same nickname, OntheFly, to sign Usenet messages recently posted to alt.hacker from an account with the email address [email protected]

Dewit also apparently used the nickname -=TheLord=- to sign
Usenet postings from that same account.

Representatives of [email protected] have reportedly said they are investigating the incident, and that posting viruses is a violation of the service’s “acceptable use” policy.

While virus writing is not specifically illegal in the Netherlands, the country does have a new computer crime law. Under that law, Dewit reportedly could face up to four years in prison. As reported, he has been released pending his court appearance.

In his confession note, OnTheFly said he was inspired to release the virus after reading a recent article about research conducted by International Data Corporation into the impact of the LoveLetter virus, which struck Internet users last May.

Rob Hailstone is the director of IDC’s information security practice in Europe. He confirmed today that the firm recently released results of a survey of corporate email users.

“Surprisingly, 37 percent said they would open an email with the subject
line ‘I Love You’ from someone they know, and 8 percent would open one from
a stranger. So there’s a very significant level of exposure there,” he said.

While Hailstone says OnTheFly may have concluded correctly in his confession that Internet users failed to learn from the LoveLetter worm, Hailstone said the virus writer was way off base in blaming users for infecting themselves with Anna Kournikova.

“I think that’s rubbish. A lot of [virus writers] think they are Robin Hoods
and somehow standing up for freedom and liberty, but they’re really more
vandals than Robin Hoods,” said Hailstone.

News Around the Web