The Spanish police have arrested in Madrid a 23-year-old man suspected of being the author of the W32/Raleka worm which infected more than 120,000 computers in August.
The Raleka worm operated in a similar way to the Blaster worm, both exploiting the critical Windows RPC Service vulnerability in versions of Microsoft's Windows 2000 and XP operating systems. Infected machines could then be used to mount further remote attacks.
According to the website of the Guardia Civil police unit, the arrested man used the nickname 900K and was the leader of a group of hackers called Akelarre. The man's name was not released.
A technical investigation of the virus enabled police to track down the Akelarre group and make the arrest and impound eight computers, the Guardia Civil said.
This is the first arrest of a suspected virus author in Spain, showing that anti-virus efforts are improving, according to security vendor Sophos.
"Computer crime authorities around the world are now more equipped at hunting down the perpetrators of hacking and virus crimes," senior technology consultant for Sophos, Graham Cluley, said. "Virus writers should be asking themselves whether it's really worth taking the risk."