For Immediate Release
August 14, 2001

Washington D.C.
FBI National Press Office

The National Infrastructure Protection Center (NIPC), the Federal Bureau of Investigation (FBI), the Washington Field Office of the FBI, the Department of Justice Computer Crime and Intellectual Property Section and New Scotland Yard, United Kingdom (UK), announced today that a 24 year old male was arrested on July 23, 2001, in the UK for violation of the "Computer Misuse Act 1990." This announcement was delayed to avoid potentially comprising the ongoing investigation. This individual who, under British Law, cannot be identified at this time, was arrested in connection with designing and propagating malicious code, known as the W32-Leave.worm, or Leaves worm, into Windows-based computer systems. This individual has been released from custody and ordered to return to New Scotland Yard on September 24, 2001.

On June 23, 2001, the NIPC issued "Advisory 01-014," "New Scanning Activity (with W32-Leave.worm) Exploiting SubSeven Victims," regarding this activity. This particular worm allowed the intruder access to an infected system while the victim machine was connected to the Internet. It is believed that home-users' computers, without updated anti-virus software, were the systems primarily infected by this worm. Current anti-virus software will detect the presence of the W32-Leave.worm. Full descriptions and removal instructions can be found at various anti-virus web sites.

This malicious code was discovered by the analytical efforts of the employees of the Systems Administration and Network Security (SANS) Institute and reported by SANS to the NIPC. This arrest came as a result of a joint FBI/New Scotland Yard, UK, investigation, and illustrates the benefits of law enforcement and private industry working together.