UK businesses have criticised last week's decision by a German court to sentence 19-year-old computer virus writer Sven Jaschan to 30 hours' community service, arguing the ruling is too lenient.

Jaschan, who infected millions of computers worldwide with the Sasser and Netsky worms, at an estimated combined cost of more than $6.25bn (£3.53bn), received a 21-month suspended sentence because he was only 17 when he was arrested at his parent's home in Waffensen, north-west Germany, in May 2004.

But 78 per cent of business computer users believe the sentence is not harsh enough, according to research. The two worms caused massive disruption, bringing down coastguard stations, delaying British Airways flights, infecting IT systems at the European Commission and Hong Kong hospitals, and halting trains in Australia.

'Businesses feel let down by Jaschan only receiving 30 hours' community service,' said Carole Theriault, security consultant at IT security firm Sophos, which conducted the survey of 550 corporate computer users.

'People have suffered massive losses from this virus; the coastguard was affected, and it could potentially have led to a loss of life,' she said.

The decision, which allows Jaschan to return to his job as a trainee programmer at German IT security firm Securepoint, has led to calls by businesses for a global standard for prosecuting virus writers.

The Maritime and Coastguard Agency (MCA), which was infected by the Sasser B virus in May 2004, declined to comment on the sentence, but warned of the disruption viruses can cause.

'The impact of the virus caused us to shut down systems for several hours. There was no loss or damage to data during this period, but the coastguard operations reverted to a tried and tested paper-based contingency system,' an MCA spokesman told Computing.

The Information Security Forum (ISF), whose members include 50 per cent of Fortune 500 companies and many UK businesses, criticised the mixed messages courts are giving to virus writers around the world.

'There's an underlying frustration that there is little synergy in terms of sentencing,' said Andy Jones, senior research manager at the ISF.

'Jan de Wit, who wrote the Anna Kournikova worm, only received community service and then had job offers from IT security firms. Meanwhile spammer Jeremy Jaynes received nine years in jail. It is giving out the wrong sort of messages.'

A lack of technical understanding among juries, and the fact that technology is outpacing legislation, is also making prosecution difficult, he says.

'That is why there has been little prosecution under the Computer Misuse Act; it is easier to get a conviction for something like theft of electricity,' said Jones.

Professor Jim Norton, the Institute of Directors' senior policy adviser for ebusiness and egovernment, hopes Jaschan's sentence will not encourage people to write viruses in the belief they will go unpunished.

'Sven Jaschan received his light sentence because he was a minor. But it is unfortunate if it is read by people as open season to write viruses and think there is no comeback,' he said.

'I am not in favour of a "hang them, shoot them and flog them attitude" towards virus writers, but the sentencing does need to fit the nature of the crime. If a virus is written with malicious intent then the sentence should befit this.'

The CBI says that as well as better prosecution, firms must take greater steps to protect themselves from 'continually adapting' IT security threats.

'Businesses need to take strong precautions, put IT security measures in place, and ensure that they regularly audit and update systems,' said Sue Daley, senior policy advisor at the CBI's ebusiness group.

Jaschan was tracked down after two informants provided details leading to his arrest. Microsoft has confirmed that it will pay its promised $250,000 (£141,000) reward to the individuals.

Does the punishment fit the crime? It depends on where you live

Last week's decision by a court in Germany to give Sasser and Netsky author Sven Jaschan a 21-month suspended sentence and 30 hours' community service highlights a disparity in how virus writers and hackers are treated around the world.

Jaschan's viruses cost business an estimated $6.25bn (£3.53bn) worldwide, and infected millions of PCs, according to analyst Computer Economics.

In January 2003, 22-year-old Welsh web designer Simon Vallor was sentenced to two years in prison by Southwark Crown Court for writing the Gokar, Redesi and Admirer viruses, which infected 27,000 PCs in 42 countries.

By comparison, 20-year-old Dutch citizen Jan de Wit, who infected a greater number of computers by tricking people into opening the Anna Kournikova email virus, caused $167,000 (£94.446) in damage, yet received 150 hours' community service.

US-born Jeffrey Lee Parsons, creator of the Blaster B virus, which attacked more than 48,000 computers at an estimated cost of $1.2m (£680,000) was sentenced to 18 months in jail and 100 hours' community service in January this year.

Other internet criminals have received heftier sentences: 28-year-old email spammer Jeremy Jaynes was sentenced to nine years by a US judge.

British hacker Gary McKinnon, who is accused of causing $1m (£570,000) in damage by hacking into the computer networks of Nasa, the US Army, US Navy, US Department of Defense and the US Air Force, could receive a sentence of up to 70 years if extradited to the US next month.

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit www.computing.co.uk every day.