FBI arrest in 'Blaster' virus expected, 18-year-old was put under surveill

<snip>
The worm started a "denial of service" attack against Microsoft, by sending millions of requests for automated software updates from Microsoft, flooding the company's computer systems.

It also addressed Bill Gates, Microsoft's founder and chief software architect, directly. It read: "billy gates why do you make this possible? Stop making money and fix your software!!"
<snip>

http://cbs.marketwatch.com/news/story.asp?guid=%7BCFDA0C5C-F57F-4C79-9FB2-D140E4747AEB%7D&siteid=google&dist=google


Mods, hope this isn't a dupe. If so, apologies.

I hope his sorry ass rots in jail for 30 years for the millions of people he screwed MORE seriously...

so easy to crack when there are tools available to protect your computer from the majority of the MS cracks.

$53.00??? What did you have to buy?

I paid a kid to fix it. After 4 hours of total frustration, I gave up trying to do it myself. To me it was just a pain in the ass. But a lot of people make their living running small businesses over the internet. Some are as computer illiterate as I am and were forced to stay offline for days. This punk literally took bread out of the mouths of their children.

I make no defense of Bill Gates but he is not the issue here nor was he damaged in any significant way by this immature stunt. The people that were hurt were people who lack his resources. They took a direct hit in the pocketbook.

snobby, and sassy... but if you aren't willing to take the time to turn to the reference manuals for your hardware/software, if you're not willing to put the time into being able to properly maintain the PC yourself, you either a) ought to not be using a computer at all or b) be willing to fork over the money without complaint when something does go wrong.

I'm sick sick sick of the 'computer illiterate' cop-out. That's exactly what it is, too- a cop-out. Software and hardware documentation comes with the software and hardware. In addition, there are lots of nice, big thick books out there. No, you don't need to read them cover-to-cover; just having them handy will do. My point is that there's no reason to not know how to make your PC safe and secure, and keep it running at peak performance.

Shoot, you can't even complain about the cost of such manuals, since there are many free resources out there on the web (although I will admit this does you no good and you likely would need to take it to a computer professional if your PC won't even boot; however, in the case of this new virus that keeps rebooting your machine, all you need is a clean- real-only disk with the fix on it. I digress.)

Don't be afraid or intimidated by the 'complexity' of the operating system or the software or hardware you're using. Just take it all one little step at a time, and you'll learn what you need to know to fix whatever might be wrong without spending a dime.

*sigh* Sometimes, I feel like these machines ought to require a license open to all ages. If you use a PC in ignorance, you can end up in a world of hurt.

:-) Remember?

That doesn't excuse morons who send out viruses and such. Many of us lack the time/inclination/interest to figure out how to outgeek the rest of the world.

A networked PC is a powerful machine that needs to be treated with respect, much like a car or a handgun. When wielded by someone who hasn't taken the time to learn the risks or proper usage, or is just plain irresponsible, all manner of misfortunes may ensue.

but this hacker didn't stop to think of the millions of little people he was hurting. Microsoft can recover from this. But the small business owners who are hurting right now have a much harder time of it.

I never got hit personally, but spent many hours patching and checking the roughly 50 Windows servers I support at work. I could have been goofing off all that time, but he or she made me work.

in the world who probably has armies of programmers to work on security? There's been a zillion updates for XP this year and they still get bested by a teenager?

The problem is they release OS's b4 they should. They know darn well people are going to try and hack thier OS's and they should be held as accountable as the kid that found the hole(s).

It's the tens of millions of dollars of lost productivity scattered throughout the US economy.

If a teenager dumps sugar in the gas tank of your car, who would you hold responsible? The person who did it, or the car manufacturer for failing to make it more difficult to put stuff in the gas tank?

people were going to put sugar in the gas tank, I would mostly blame the manufacturer, then the sugar offender. Microsoft has been doing this for years, and we let them get away with it, just like we let GW get away with it.

In this case, there IS a choice. Get a mac. A recent study showed that a windows computer was 625 times more likely to be infected by a virus than a mac computer. Just ONE of the reasons.

Keeping up with the patches from Microsoft and using a properly configured CheckPoint firewall has kept my machines 100% virus free.

In fact in the 20 years (shit, am I really that old?) that I have been professionally supporting computers including mainframes, Unix, Linux, NetWare, Macintosh, Alpha, NeXTstep (that was a cool one!), and every flavor of MS-DOS and Windows ever written I have been hit by a virus only ONCE. Safe computing practices work. The problem is that so many people don't know how to protect themselves. If people all followed safe computing practices the viruses wouldn't stand a chance.

That happened when I put a suspected infected floppy in my A: drive. Norton AV lit up to verify that the diskette was infected, and the power went out. I ran downstairs to take care of some urgent matters, and the power came back on. By the time I got to my machine the boot sector virus had jumped to the hard drive. No matter, my magic boot sector fixer floppy took care of it within one minute.

Rant and rage against Microsoft all you want, but it's still the most successful software company in history and its products are used by more people than all the other OSs combined.

Run Linux, or get a UNIX box.

Biggest problem with Mac, for the average user, is price. PCs are so prevalent, and there are so many "deals" that'll get you a Celeron (barf!) box for a measly $400 or less, if we're talking about a home user who just wants e-mail & the Web and doesn't need a bunch of bells & whistles, then price becomes a major deciding factor.

I would have gone *NIX by now myself, but the issue is money, money, money (as in, I have none). So it's me, a four-year-old clone, and NT 4 for the forseeable future.

or if your house has windows and it is well known that a burglar can break a window and come inside? BULL. The number of apologists for thieves and criminals in here are amazing.

Microsoft went to a prison full of rapists, asked the guards to leave, and said she'd do lap dances for cigarettes.

It really is that bad.

It's like putting a big red button on a five hundred pound bomb and leaving it in a kindergarten.

You tell the kids not to push the button, and then you blame the kid who pushes it, right, demdave?

Yes, I know you are angry, but there is SO much blame to spread around here that you can't let it bury you.

We can only fix the damned problem and get on with our lives.

Every time a computer virus or worm gets loose on the internet another Bastard Operator from Hell gets his wings.

Peace

and all the cars that happened to pass under a cloud of sugar were affected, I'd blame the manufacturer. I doubt that the attack was aimed at an individual as your analogy postulates.

MS puts out operating systems that are wide open to this sort of thing. If they would bundle XP with good anti virus and firewall software, there would be a hell of a lot fewer cracks.

XP DOES have a "firewall," but the default setting is turned off. WTF is that?

Also, why so many people open attachments they aren't sure about is amazing in its own right.

Cheers!

until it works. Rather that a complete code rewrite every few years like the latest teen fashion. Even DATING them. Come on.

Never mind the exploits, just make a damn kernel that doesnt leak.

I'd like to see them concentrate on getting the most stable, bomb-resistant OS they can and still make a profit. Let other vendors write games, flight simulators, Internet utilities, business applications, etc.

And keep using that hammer... it seems to be working.

First, NT (XP) was written with little or no regard for security, and that is a fact. It is very difficult to "add" security to a piece of software, just like it is impossible to "add" quality.

But, that does not excuse the parade of chumps who think that just because there is a hole, they should breach it. I realize there are laws against an "attractive nuisance", but I really don't see how that applies here. Even if my front door is unlocked, you do not have the right to enter my house and destroy property.

And lastly, my wife runs a help desk so she feels these problems an order of magnitude more than most. People say "well, MS put out an update for that hole last week" (and BTW, the hole was so big it should be called a cavern). But, the people who service these computers day and and day out hate putting in those patches. Why - because as often as not the patches break something else. Plus, many of their systems are "certified" or "validated", if they install a patch that entire process has to start over.

At some point the smart businessmen of the world are going to seriously consider whether Windows is really an asset or a liability, for many kinds of computing tasks.

I hope the kid goes to jail. Really.

And it's really no problem.

On most of them I use the automatic update, and have never had a problem caused by any of the critical updates in Windows 2000 or XP.

... in the environment my wife works in, they do have problems. And backing out a patch is a big pain in the ass.

In my home, I have 6 machines that I maintain, 2 for me, 1 for wifey, and each of the kids has one.

I've never had a virus infection, probably because I sit behind a hardware firewall, my wife and I know better than to mess with unknown stuff and the kids have been trained also.

But 2 weeks ago - after listening to my wife talk about how her whole division would be down for days cleaning this mess, I decided to do my first Windows Update on my XP machine.

Let it suffice to say that I regretted it. The machine was unstable after I installed SP1 (after running flawlessly for a year) for a period of time though it seems to have settled down lately - I did nothing so I don't know why :)

I forgot, what was I talking about :) Oh yeah, MS software is basically written by a bunch of yoyos, and Windows is a triumph of hardball anti-competitive tactics and marketing, not technology. :)

"At some point the smart businessmen of the world are going to seriously consider whether Windows is really an asset or a liability, for many kinds of computing tasks."

Well, the only thing that will make that happen is for people to exploit the holes again and again. This is an insecure swiss-cheese of an OS, and the very fact that many, many large businesses use it for their computers' OS places our economy at risk. Were Windows truly secure, I'd be willing to bet that the stock market would be higher (to what degree is a matter of debate), as would consumer confidence in technology as a whole.

Now that I've finished deleting another 104 messages from my inbox, all infected with Sobig.F. ...

First, NT (XP) was written with little or no regard for security, and that is a fact. It is very difficult to "add" security to a piece of software, just like it is impossible to "add" quality.

But, that does not excuse the parade of chumps who think that just because there is a hole, they should breach it. I realize there are laws against an "attractive nuisance", but I really don't see how that applies here. Even if my front door is unlocked, you do not have the right to enter my house and destroy property.

Yes, I'm more than irked with Microsoft, and I HATE installing their squirrely patches... BUT:

We can blame Microsoft all we want, and hate Microsoft all we want (and, really, who likes Microsoft?), but my anger is directed squarely at every little bastard who takes advantage of every security hole, for no other reason than to cause mayhem.

Automobiles are dangerous, but I don't hold General Motors responsible for some idiot getting behind the wheel drunk.

It's a matter of ethics and personal responsibility -- which are sorely lacking just about everywhere I look these days, and provoke that little voice in my head that says, "People are just no damned good."

I hope he goes to jail, too. Free some "victimless criminal" like a pot-smoker or a prostitute to make room for him. The creep.

P.S. Ex-help-desk slave here, whose own NT machine was hit just once in seven years (by Nimda - happy birthday to me, 2001).

P.P.S. Oops, five more Sobig.F messages came in since I began composing this.

anyone notice that every virus in memory works by exploiting errors in M$ code? One of my Jewish clients likened a virus to terrorism. I took issue with him, as a virus doesn't kill anyone, but the comparison is valid.

Many, many people hate Microsoft, from small developers who've been shut down, to network admins lamenting the latest crap they have to use, to the upper levels of management in Sun and IBM. So if some prick wants to write a virus, he is both motivated and facilitated my Microsoft to write it to exploit their software.

I too pulled a few all-nighters to clean this crap off my clients networks.

Except for one.

The one that uses Netscape mail.

So I won't be rolling out Outlook anytime soon. I'm going to put Mozilla calendar, which you can share via a free webdav server, and use an open-source LDAP server to share address books. Combined with IMAP mail, this does 95% of what Exchange does, for FREE.

and the users dont care, all they know is it works fine and they dont have a virus.

and I dont have to worry.

For YEARS I've wanted them to catch just one of the little creeps who perpetrate these viruses. Let's only hope deterrent does work with this kind of crime.

Public flogging or stoning would be appropriate.

for someone who hasn't killed or hurt anyone?

There are literally thousands of people who can write virii. Its not very complicated code, and you can send it quite anonymously from any internet cafe or library.

Do you really think making an example of this guy will stop the next one?

The Blaster criminal has caused economic harm to literally millions of people.

I'd rather deal with a teen's code than Bushco!

(I know, it's a stretch :-) )

say it like that. I, however, prefer to say that it was the exploitation of a Microsoft-specific security that caused the economic harm. It clarifies that it is the Micro$oft OS that makes the economy vulnerable to attack in that respect.

rather than the corporation. I agree with what you say, but the corporation has replaced Mom & Apple Pie as the symbol of America and blaming a corporate entity is played as a slap in the face of patriotism by the neocons of today.

to revoke corporate personhood.

That seems to pop up everywhere......

That it will be a lot easier to prosecute a Mitnick wannabee than to go after the legal staff the Gates could put together?

'Sides, with the teenage cracker they get an easy conviction and get to puff chests out and proclaim they are "tough on crime."

Whoever created this worm/virus/whatever is a criminal. If I go out and use my car to run down a dozen people, that doesn't make the car manufacturer guilty.

Sure the coder is a criminal for unleashing a successful virus. BUT culpability also lies with the company that releases an OS touted as "the most secure yet" and is in actuality is an open invitation to curious juvies with more brains than common sense.

MS depends on crackers AFTER a release to show them where the holes are. And the people who operate a system in such a fashion that they fall victim to a virus 1. DESERVE IT Because there are plenty of easy ways to avoid contamination, and 2. are beta testing Windows for MS free of charge.

...of whether or not you think Microsoft is culpable. The bastard didn't HAVE to unleash a malicious program, and he knew damn well what would happen when he did it.

He should be publicly flogged on a live Webcast for all the world to see, then he should go to prison with a term equal to the sum total of all the time everyone who was affected by the worm spent guarding against it and/or cleaning up his mess.

We should put him in jail for the rest of his life?

Sorry, I don't buy it. (This kid isn't the one who wrote the code anyway, but a dumb-ass who did propogate the virus and got caught because he was stupid enough to do it in front of others).

Shit, we've already got the highest per capita prison population in the world, why not really fuck this kid up & stick him in the GP and let him REALLY learn how to be a criminal!

I'm not saying do nothing. I'm saying treat him as if he were your brother.

'Cause he is.

http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=718&e=2&u=/ap/20030829/ap_on_hi_te/internet_attack

<snip>

Parson — a physically imposing presence at 6-foot-4 and 320 pounds — told the FBI he built into his version a method for reconnecting to victim computers later, according to court papers. Infected computers automatically registered themselves with Parson's Web site so he could keep track of them.


Parson operated the t33kid.com Web site, according to Internet registration records.


The Web site, which was operated from computers physically in San Diego, appeared Friday not to have any content on it but previously contained software code for at least one virus and a listing of the most-damaging viruses circulating on the Internet.

Funny! That's abt the way I imagined him from the description!

The fat-faced Arizona congressman's boy.

in his anal cyst days.

Let's say you could bring down the entire telephone network of the United States simply by dialing the right number on your telephone.

Everyone knows you can do this, they just don't know the right number. Amazingly, the phone companies know this is possible, but they don't fix the problem.

A teenage kid, who has nothing better to do, figures out what the number is, and he dials it...

or if a mischevious janitor could take down the entire power grid by throwing one switch.

If he does it, even intentionally, sure he bears responsibility, but so do the engineers who designed it, or left it, with an obvious gaping flaw.

I work for a major bank (in the top 5 in the US) and our CIO has personally said that he is angry with MicroSoft and the way they've been conducting business. We have lost untold millions of dollars this year due to their incompetence. It's impossible to put all the patches on all of our systems in the time frame between the patch release and the attack. They sold us these SERVER OPERATING SYSTEMS as being the most secure product ever (or something like that) and they've been the most unsecure products we've ever used. I don't think that the next contract negotiations between us and M$ are going to be very profitable for M$. That's if they can avoid being sued by their major corporate customers.

I say FUCK MicroSoft, and string this dumb kid up and cut his nuts off, I don't want his progeny running around the planet.

by which i mean, every version of windows. people shouldn't have to be professional sysadmins to own a PC. people buy these things to surf the web and use email and write letters. a PC used for these functions should be just as reliable as a toaster, a telephone, or a VCR. a toaster that burned your toast would be defective; and an OS that practically invites virus attacks is also defective.

it's a simple consumer issue.

The bigger and more complex it becomes, the more bugs it is likely to have. If you think Microsoft is culpable, I suggest you read the Windows license agreement before you talk to an attorney about suing them.

The kid is from St. Paul, MN....


...and he was not the original author of the virus. He should definetly be punished, but don't put all the blame on him. Someone else made the original virus and Microsoft made the swiss-cheese OS.

I have only ever had one virus since I've been computing in 96'. And it was just some goofy virus that insisted on doing things in mIRC. I tracked it down, tracked down where it came from, cleaned it, and no problems since.

I don't use Microsoft Outlook, except at work where I don't know the settings to use my own client, and I never open ANY attachment unless I know the sender.

I am on the internet ALL DAY LONG and it boggles me to death how anyone 'gets' a virus. I get up, my DSL is running, I leave to work, my DSL is running, I get home, my DSL is running.

I think the reason most corporations get hit with virii is some gimp reading his/her mail gets a cutesy 'OPEN THIS ATTACHMENT IT IS SO CUTE KEKEKEKEKEKE ^_^ ^_^ ^_^ ^_^ ^_^' and what do they do? THEY OPEN IT. Also all the friggin CHAIN MAILING that goes on at work.

PLZ STOP CHAINMAILS KTHX.

Someone gets something 'cute' and has to forward it to everyone and their cat.

As for the hacker guy, it is a two sided coin.

Exploiting the hole = BAD
Punching Microsoft with the virus proving it had a HUGE GAPING HOLE in it's software = GOOD

This does irritate people in the end but it also makes it clear the software HAS a problem that NEEDS addressing, with the only other option being loss of consumers to other platforms.

Imagine if a major PC manufacturer suddenly went 'We're going to stop offering WinXP on our systems. From now on they'll be packaged with LINUX and include a user's manual.' All because people got sick of Microsoft's bugs.

...also why does nearly every virus exploit Microsoft Outlook? Wouldn't that tell you that program has SERIOUS ISSUES? But corporations still insist on using it. Go figure.

Should I sue
a. the contractor for not anticipating all the ways the house was vunerable
b. the carpenters for not building in safegaurds to protect me
c. myself for not forseeing every possible way someone could violate my home

or

d. the serial felon who broke into thousands of homes and cost homeowners millions
because he was bored and thought it might be fun.?

As to an earlier suggestion that people like me shouldn't be on the internet because we're
not technologically adept, its sad but true that the capacity to learn and remember new
information declines as one ages. Perhaps some day you too may experience this also. I really hope so.

Regardless, I certainly don't intend to get offline just because I'm not a geek.

When we hear of many crimes perpetrated by young offenders, we (as good liberals and progressives) often try to defend them. I know I do, since I believe their crime might be at least partially a result of immaturity and since I believe they can change and live a productive life given the correct circumstances (at least 80% of the time, that is).

But I found myself mad as hell with the creator of the Blaster virus (interestingly, I wasn't even affected) echoing sentiments I have found on this thread. "String the little bastard up," was my nicest thought.

But if our principles don't mean anything when a case like this comes up, . . . then . . .

WHAT?? Who are we? What do we stand for?

Do we have sympathy for an inner city youth who gets caught up in gang violence, but not a 18-year old computer geek?

(I'm not saying I'm above this anger . . . just wondering . . .)

and unfortunately it takes criminal activities to air them. Microsoft has built an empire on monopoly, closed code controllism. I live in Seattle and can tell you that while there are a number of fortunates who got in early in this city and did well on the stock, the corporation itself brings far less to the local community and cultural infrastructure than should be. This is a pocket-lining business pure and simple and shares with the community about as much as it shares code with the computer-using public.

I sympathise with people who are impacted, but I get a hoot out of anything that draws attention to Bill's computer imperialism.

:dem:

http://story.news.yahoo.com/news?tmpl=story&cid=1802&ncid=1802&e=2&u=/washpost/20030830/ts_washpost/a2306_2003aug29

FBI (news - web sites) agents arrested Jeffrey Lee Parson, an 18-year-old high school senior, early yesterday at the home he shares with his parents in Hopkins, Minn. The U.S. attorney's office in Seattle, which is leading the case, charged Parson with intentionally damaging thousands of computers owned by Redmond, Wash.-based Microsoft Corp., other businesses and individuals.

<snip>

Parson did little to cover his tracks, according to the criminal complaint. He appears to have boasted of unleashing viruses. According to a version of his Web site, recorded by the Internet search engine Google, Parson claimed to have created a worm called "p2p.teekid.c" that was spread by people using popular services such as Kazaa and iMesh, which are used by millions of people to share songs, video and movie files. Parson used the pseudonym "Teekid" online, according to prosecutors. The site contained no references to Blaster, however.


Prosecutors alleged that Parson modified the existing Blaster virus, which began circulating on the Internet on Aug. 11, and unleashed his own, more insidious version known as Blaster.B, among other names. Computer security experts suggested yesterday that Parson probably downloaded the original worm and simply added a bit more code.

<snip>

"With this arrest we want to deliver a message to cyber criminals here and around the world that the Department of Justice (news - web sites) takes these crimes seriously," U.S. Attorney John McKay said at a news conference in Seattle. Homeland Security Secretary Tom Ridge issued a statement praising the arrest.


McKay said his office is still trying to find the author of the original Blaster.
<snip>

Sounds as if this high school kid (really BIG kid) aimed an existing virus at MicroSoft.

IMHO, making a Mitnick type example out of this kid is like trying to stop marijuana traffic by busting users. M$ has some blame here as well. It would be as if you built a car that died everytime you drove over a pot hole and you blamed the people who use the street rather than your car.

AND b4 you flame me on this, I just want to ask that you give the kid the sympathy you would a herd of rampaging mink.