FBI Seal Federal Bureau of Investigation Links to FBI home page, site map and Frequently asked questions
Federal Bureau of Investigation
Home Site Map FAQs Skip to Main Content

Contact Us
Bullet Your Local FBI Office
Bullet Overseas Offices
Bullet Submit a Crime Tip
Bullet Report Internet Crime
Bullet More Contacts
Learn About Us
Bullet Quick Facts
Bullet What We Investigate
Bullet Natl. Security Branch
Bullet Information Technology
Bullet Fingerprints & Training
Bullet Laboratory Services
Bullet Reports & Publications
Bullet History
Bullet More About Us
Get Our News
Bullet Press Room
Bullet E-mail Updates Red Envelope
Bullet News Feeds XML Icon
Be Crime Smart
Bullet Wanted by the FBI
Bullet More Protections
Use Our Resources
Bullet For Law Enforcement
Bullet For Communities
Bullet For Researchers
Bullet More Services 
Visit Our Kids' Page
Apply for a Job
 

Press Release

For Immediate Release
August 14, 2001

Washington D.C.
FBI National Press Office
(202) 324-3691

The National Infrastructure Protection Center (NIPC), the Federal Bureau of Investigation (FBI), the Washington Field Office of the FBI, the Department of Justice Computer Crime and Intellectual Property Section and New Scotland Yard, United Kingdom (UK), announced today that a 24 year old male was arrested on July 23, 2001, in the UK for violation of the "Computer Misuse Act 1990." This announcement was delayed to avoid potentially comprising the ongoing investigation. This individual who, under British Law, cannot be identified at this time, was arrested in connection with designing and propagating malicious code, known as the W32-Leave.worm, or Leaves worm, into Windows-based computer systems. This individual has been released from custody and ordered to return to New Scotland Yard on September 24, 2001.

On June 23, 2001, the NIPC issued "Advisory 01-014," "New Scanning Activity (with W32-Leave.worm) Exploiting SubSeven Victims," regarding this activity. This particular worm allowed the intruder access to an infected system while the victim machine was connected to the Internet. It is believed that home-users' computers, without updated anti-virus software, were the systems primarily infected by this worm. Current anti-virus software will detect the presence of the W32-Leave.worm. Full descriptions and removal instructions can be found at various anti-virus web sites.

This malicious code was discovered by the analytical efforts of the employees of the Systems Administration and Network Security (SANS) Institute and reported by SANS to the NIPC. This arrest came as a result of a joint FBI/New Scotland Yard, UK, investigation, and illustrates the benefits of law enforcement and private industry working together.

 

#####


| 2001 Press Releases | FBI Home Page |