Victims' silence threatens Kournikova trial

NEWS UK anti-virus company Sophos has attacked firms for not owning up to being hit by the Kournikova virus. The reluctance to report the virus attack means that the Dutch prosecutors involved in the trial of the virus's author have little evidence of the damage it caused. The prosecutors are pressing for a sentence of 240 hours community service for the virus's author, John de Wit, who appeared in court last week. The 20-year-old admits writing the code, but his lawyers are asking for him to be released, saying there is no direct evidence that he caused any financial damage. The FBI found only 55 firms that would admit they had been infected by the virus, and the evidence showed that the financial damage was $167,000. But virus experts say the actual damage of the worm was far greater. Graham Cluley, senior technology consultant for Sophos, said firms should report the problems they've had: "The fact that the FBI could only find 55 people affected by this is frankly staggering. This does not send the right messages out to other would-be virus writers who now may think they're going to be given an easy ride in the courts." He added: "If this is not reported, then the police won't hear about it, and they won't think it's a serious issue. If they don't think it's a serious issue then they won't get the proper funding to set up the kind of resources we need to combat this crime." The maximum sentence de Wit could face under Dutch law is four years in prison and a fine of $75,000. However, the prosecutor's call for a community service punishment means the offender is unlikely to get a custodial sentence. Neil Barrett, technical director at security firm IRM, agreed the industry needed to take responsibility for reporting viruses, but he understood why many firms were reluctant: "Companies should make complaints when they get hit by viruses. We've all got the responsibility in this industry to push for the appropriate punishments for these crimes, to discourage other potential virus writers from doing the same." The Kournikova email virus first hit computer networks in February this year, luring victims into opening an attachment by promising a picture of tennis ace Anna Kournikova. It lacked a destructive payload, but it brought networks down through sheer volume of emails. Once opened, the virus emailed itself to the victim's entire address book.