Blaster Writer Caught

Henry V .009 writes "The FBI will be arresting an 18 year-old in connection with MS Blaster, reports The Washington Post." According to the article, the teen was witnessed testing the worm, and then turned in by a bystander. It's also worth noting that this is merely one of the Blaster variations. Hope whoever it was had fun, because a world of pain is waiting in store now.

A witness turned him in?!?

[corebreech]

How on Earth do you witness somebody writing a virus?

He's sitting in front of a computer, hitting keys on the keyboard and looking at the monitor. That describes the person who wrote this story, the person who submitted this story, the person who posted the story, me getting first post, and everybody reading and moderating this and every other post to come.

It also describes RMS writing Emacs, Linus debugging the kernel, and SCO issuing another press release.

Did this witness actually read the code? What kind of idiot virus-writer lets someone he doesn't know pull up a chair and start auditing his code?

Or was the witness tipped off when the screen start flashing "NOW TESTING VIRUS"? Damn, I hate when that happens!

This doesn't sound quite right.

Re:A witness turned him in?!?

[Gyan]

Probably, they caught a small fly. Who then got immunity and secrecy for turning in the ubercoders. Hence, "the witness"

Re:A witness turned him in?!?

[joonasl]

How on Earth do you witness somebody writing a virus?

Maybe they were following the XP-methodology and were pair programming?

Re:A witness turned him in?!?

[beacher]

This sounds like the Penis variant that came out shortly afterwards. The kid's a hack.. he's not the original author. It's funny. He just rode someone's coattails for fun and now he's going to do some time and have to worry about who's going to ride his coattails.

Re:A witness turned him in?!?

[EvilTwinSkippy]

He could have been dumb enough to test it on a computer lab at school, or at a library. The "witness" could have been a network administrator monitoring the system.

Of course the witness was also last seen purchasing a shark tank and some laser beams...

Re:A witness turned him in?!?

[thelen]

Almost certainly, "witnessed" here means bragged to, which frankly makes perfect sense for an 18 year old probably male, probably virgin programmer. Hey, if he's up all night reading /. he may yet beat the feds and run to Canada ;^)

Re:A witness turned him in?!?

[phagstrom]

All virus/worm/trojan writers use MovieOS where stuff like "Assembling Virus" and "Testing Virus" are written to the screen in blinking fonts.

Didn't you ever see Swordfish? ;-)

Re:A witness turned him in?!?

[rylin]

and SCO issuing another press release.

Err?
No.

They're talking about one person, not fifty monkeys dressed as lawyers

Re:A witness turned him in?!?

maybe spreading another kind of virus

Re:A witness turned him in?!?

[Spellbinder]

i think writing viruses is not a crime
testing them isn't a crime too
i think you have to release them to cause any damage
or is there some stupid new law that looks at viruses like bombs
is a virus now classified as a illegal weapon (of mass destruction)???

Re:A witness turned him in?!?

[eggplantpasta]

You mean this Movie OS?

Re:A witness turned him in?!?

[3terrabyte]

I think I saw this movie!

The kids name is ZeroCool, and everything will be just fine, because in the end, he gets Angelina Jolie.

Re:A witness turned him in?!?

[banzai51]

The sad thing is they'll fail to catch the original Blaster author so they'll throw the book at this kid for the whole Blaster thing.

Re:A witness turned him in?!?

[danheskett]

I dont know on what planet everything is fine when you end up Angeline Jolie. Eww. That is the furtherest thing from fine if you ask me.

Re:A witness turned him in?!?

[Penguin2212]

I bet this wittness was a person who was a friend of his who ratted him out. He probablly told him or showed him something about what he was actually doing.

Re:A witness turned him in?!?

[elel]

Actually, that's HollywoodOS and I hold the patent on it. I figure there's a market for idiots who want to bang on their keyboard haphazardly and have any number of complex processes happen as a result. I also think that more people than just myself want hexagonal windows to be the standard shape.

Anyone want to start a project?

Re:A witness turned him in?!?

[badasscat]

The sad thing is they'll fail to catch the original Blaster author so they'll throw the book at this kid for the whole Blaster thing.

This seems to be the prevailing sentiment here and honestly, it's making you all look like a bunch of script kiddies, or at the very least script kiddie sympathizers.

Fact is this 18 year old "kid" (actually, adult in this country) committed a crime if he wrote this virus variant and distributed it. While he's still innocent until proven guilty, I fail to see how it's "sad" to get any virus writer - big or small - out of the virus writing business.

This is the way law enforcement works. You can't catch everybody who commits a crime, and if you don't show that you're actively enforcing the law, there will be more criminals. Study after study after study have shown this to be the absolute truth. Even if they don't catch the writer of the original Blaster, catching this guy and making an example out of him - as well as any other virus writers they no doubt will catch in the future - will act as something of a deterrent. You're all operating under the assumption that this guy is a small-fry writing viruses in his spare time - you think it's worth it to a guy like that to risk jail time? No, and this will cause others like him to think twice.

Obvious analogy - when there aren't any cops around, I see a lot of people run red lights. When there is a cop stationed at an intersection, I see nobody running red lights. Funny how that works.

And if his punishment is harsh, so what? If he's found guilty, he's a criminal. He deserves whatever he gets at that point. People need to take responsibility for their own actions and realize that their actions have consequences, both for the people they directly affect (ie. those infected by this variant of the Blaster virus) and for themselves. You'd think Slashdot readers would have a little more grasp of this concept than most (being open-source advocates), but it appears this may not be the case.

Re:A witness turned him in?!?

[StikyPad]

One day your testes will drop and you'll realize that cooties aren't such a bad thing after all. Or maybe they are, but you won't care. Or so I'm told.

Re:A witness turned him in?!?

[UnderAttack]

Blaster.B, which is the version this person is alleged to have written, is a very simple variation. Shouldn't take more than 10 minutes to write using a hex editor. All he did was change the filename and a couple of the 'Bill' strings.

On the other hand: its kind of like someone walking past a masacre, picking up the gun the culprit left and shooting everyone who still twitches.

Re:A witness turned him in?!?

[emilng]

By your rationale, we should start caning graffiti artists in the US because that would be "something of a deterrent."
It's not a matter of whether he is guilty or not, but whether he is going to get a punishment that will fit the crime.
I wouldn't be surprised if the media makes this out into another Kevin Mitnick scenario.

Re:A witness turned him in?!?

[turgid]

What is with this whole 'virgin' preocupation? Why is anyone concerned with this kid's (or any kid's) level of sexual activity? I don't understand.

...beacause it's still a socially-acceptable way to stereotype and belittle young men. You would never hear of people using the term "18 year-old girl, probably still a virgin" in similar circumstances. It's hypocrasy, ignorance and spitefullness.

Re:A witness turned him in?!?

[rhiorg]

...with the obligatory progress bar showing how much of the virus/worm/trojan has been uploaded to the 'net.

Re:A witness turned him in?!?

[LineNoiz]

...an arrest has not yet been made...

Well, if he does read /., I'm sure he's busy running a big frickin magnet over his hard drive(s) right about now...

Re:A witness turned him in?!?

[ImpTech]

>And if his punishment is harsh, so what? If he's found guilty, he's a criminal. He deserves whatever he gets at that point.

NO NO NO NO! He deserves a punishment fitting the crime. If he wrote one variant, he should NOT be incriminated based on the damage done by ALL the variants. Sure he should get into serious trouble. Sure he should probably do some jail time. But my fear is that people will get carried away because of all the virus/worm activity lately and give him a lot worse than he's due. We'd like to think the justice system is above that, but sadly thats not always the case.

Re:A witness turned him in?!?

[BrokenHalo]

And if his punishment is harsh, so what? If he's found guilty, he's a criminal.

Not quite; it just means he doesn't have as good a lawyer as the prosecution.

Re:A witness turned him in?!?

[jazman_777]

Although let's not hang him before the trial.

Let's give him a fair trial, _then_ let's give him a first-class hangin'!

Re:A witness turned him in?!?

[GreyPoopon]

By your rationale, we should start caning graffiti artists in the US because that would be "something of a deterrent."

I don't think the parent poster made any comments about WHAT the punishment should be, so please don't start citing rather harsh treatments to make your argument look more interesting. You could have just as easily made the statement, "By your rationale, we should start putting graffiti artists in jail for a month because that would be 'something of a deterrent.'".

Anyway, consider the fact that even though this guy only modified an existing virus, his crimes are EXACTLY the same as those of the original programmer. Writing a virus isn't a crime. Unleashing it and causing damage (economic or physical) to the property of others IS a crime. By modifying the virus, he created a new pattern that virus scanners would not recognize and thus was able to create similar damage as that of the original virus. Please explain to me how this isn't as bad as what the original author did.

My argument, by the way, is similar to ones made against the DMCA. The DMCA is being used to prosecute people who construct devices that CAN by used to circumvent copy protection. However, I think most of us agree that the real culprits are those that use it for such. In the case of viruses, if I construct a new virus, but never let it loose, am I guilty? If you manage to swipe a copy of the virus while you're at a LAN party at my house and then let it loose, aren't you the guilty one? If both of us unleash copies of the virus, aren't we both guilty?

Re:A witness turned him in?!?

[zalas]

> shouldn't that be small FRY?

Engrish stlikes again!

Re:A witness turned him in?!?

[tigheig]

You're misreading the original message. It's not sad that this kid was caught. What was said was:

The sad thing is they'll fail to catch the original Blaster author so they'll throw the book at this kid for the whole Blaster thing.

The sad and dangerous part is the news media's tendancy to try to find the culprit as if there was a single individual responsible. If they blame the entire thing on him, and then have the standard trial by news pundit, what we'll get is a scapegoat and no progress on solving the problem of poorly written software and an expanding OS monoculture that makes the vulnerabilities even more prevalent. Slammer, Blaster, Sobig, and whatever the next one is represent a serious problem, and if we get another attempt to blame it all on the loner teenage hacker instead of trying to fix the bigger problems that make it possible we'll get hit again and probably much harder.

Many of us have spent a lot of time trying to convince our senior management that we have serious problems with unmanaged systems (i.e. either not sysadmin'd at all, or administered by someone who doesn't know what they're doing) and are finally beginning to make some progress. We don't need scapegoating clouding the issue.

I was approached this morning by a VP in my company who pointed to this news release and said 'Looks like they caught him, I guess we don't need that project you wanted for better patch management on the Enterprise network.' I went about re-educating him (and was reasonably successful), but I know I was successful because I have his ear and he listens. Not all of my peers at other companies are as lucky.

Re:A witness turned him in?!?

[Josuah]

I'm sure he's busy running a big frickin magnet over his hard drive(s) right about now...

Oh, you are so a script kiddie. Any serious cracker knows you gotta cook your drive, preferably in a fireplace. Don't have one? Boil it (you don't want to just cook it over the stove coils or on a sauce pan because that will just start a fire).

Re:A witness turned him in?!?

[gujo-odori]

Yes, as a matter of fact, we *should* start caning graffiti vandals in this country. It's an effective deterrent and fits the crime. The caning should, of course, be in addition to restitution to the victims. If they can't find enough people willing to do it, I'm willing to be sworn in as a caner and help them out after work.
However, I don't think they'll have much of a problem finding caners. You may recall that at the time of that incident, the vast majority of Americans thought he was getting exactly what he deserved, and more than a few people thought he should get twice as many strokes as he got.

Please note my deliberate use of the word vandal. People who go around spray-painting other people's property are not artists; they are vandals and criminals. It costs real people real money to clean up their property after someone vandalizes it with graffiti, and quite commonly, as soon as it's cleaned, the vandals come back and do it again. When you put graffiti on your own property, that you bought and paid for, you can call yourself an artist if you want. When you put graffiti on somebody else's property without permission, you're a criminal and should be treated as such.

Please don't drag out Kevin Mitnick here. Kevin Mitnick broke the law, was caught, convicted, and sentenced fairly. He's a criminal. He's done his time and deserves a fresh start so he can make something honest of himself, but there is nothing good about the actions that led him to prison, and those who would defend him and call him a victim need to get a grip on reality.

Re:A witness turned him in?!?

[bobKali]

I saw Sarah Good writing the virus! I saw Goody Osborne writing the virus!

Re:A witness turned him in?!?

[Josuah]

Power outages. Your RAM disk would get hosed. :P Assuming you didn't invest in a UPS, that is.

I doubt it.

He'll get hired by IBM in 8 months to work on internet security.

Re:I doubt it.

[Goldberg's+Pants]

Or SCO will report that he used their proprietary code to do it, ergo everyone infected with the virus will now be sued by SCO for illegally using their code.

Also reported...

[FireFury03]

Also reported by the BBC

Will be arresting...

[earthloop]

The FBI will be arresting an 18 year-old

Coder: Huh? They are coming for me? I'd better get moving before they get here.

Re:Will be arresting...

[TheDredd]

Well if he's reads slashdot, he'll be long gone by now

Is it standard FBI practise to anounce to the public they will arrest someone before they actually do?

Re:Will be arresting...

[Zocalo]

He may be in custody already. To actually arrest someone requires a warrant, but it is possible to hold someone without a warrant for limited time provided they are allowed their phone call etc. I suspect they already have the guy and are just waiting on the necessary paperwork to arrive from the DA's office.

Re:Will be arresting...

[cherberos]

Well, the BBC article claimes the FBI already talked to him.
There is probably more to this then the article states (as is almost always the case with the media-reports). It's pretty vague. A witness, testing? Where was he testing, and how. AV-companies also test this stuff.

Context is missing, so I guess a conclusion will have to wait till this afternoon.

Re:Will be arresting...

[TheVidiot]

Or, if he is considered an enemy combatant, (which, since he unleashed worm "terror" might actually apply) he can be arrested and held for as long as desired! No law needed!
----------

Re:Will be arresting...

[marko123]

He'll get an extra 20 minutes warning if he is a subscriber. If he gets done 10 minutes after reading about it, I bet he'll wish he did :)

Re:Will be arresting...

[darkmeridian]

To clarify this parent post, there is a distinction legally between being detained and being arrested. The police can detain you if they believe that you are a witness in a case. To arrest you, however, they must have probable cause. Once they arrest you, you have specific rights. Delaying the arrest as late as possible helps the authorities.

Lucky Bastard

[EvilTwinSkippy]

Lucky the authorities got to him first that is. Well they say there are more virus authors out there. Hopefully all that dental equipment I bought on Ebay will be put to good use.

Im guessing it was a mate of his

[msim]

I mean, maybe he borrowed his mates computer to do something, saw something interesting, then got told to take a long walk off a short plank when he tried to blackmail him.

Well until someone is caught and Proven to have written the virus, as far as im concerned it is a bunch of FUD.

Re:Im guessing it was a mate of his

[El_Muerte_TDS]

Virus writers don't have friends

"They have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes. It's a form of digital graffiti to them,"

Passer by?

That sounds fishy.

The average person wouldn't have a clue about what a developer was doing. There's no way someone can walk by and know that the guy was testing a virus.

Assuming this is true....

[L-s-L69]

The article states that this "18 year old" is the author, but later on it talks about how he was "observed testing" which all sounds a bit dubious. Assuming he is the author I have very little sympathy, virus writers need to be accountable for their actions. If however he is just been made a scapegoat......

Re:Assuming this is true....

[sperling]

This guy's probably just a kid that grabbed the worm while it were passing, modded it a little and passed it on. I doubt it's the original author...
Although, looking at how lousy that worm was implemented, the authour might be dumb enough to get caught.

Seriously? Arrest Microsoft, Inc.

[Drakon]

This is a ~10 year old vulnerability in DCOM.
Corporate neglagence is still a crime. and Corporations are Individuals, therefore Microsoft, Inc. Should be incarcerated.

Re:Seriously? Arrest Microsoft, Inc.

[EvilTwinSkippy]

Exactly how do you put a fictitious legal entity in Jail? Or perhaps you meant the entire company and everyone who worked there.

I'm a firm believer that Microsoft, for all it's faults, isn't nearly as much of a problem as it's doting customers. Microsoft has ALWAYS been terrible at security. This is not news. So who the hell keeps buying their crap?

Start charging the folks who deploy Microsoft for negligence.

Re:Seriously? Arrest Microsoft, Inc.

[beacher]

Ralph Nader brought the automotive industries up to safety standards. I'm too young to remember the public's preception of him, but it sounds like we need someone like him around again. Microsoft has enough defects inside it's operating system to make it the 2000's equivalent of the Ford Pinto. They should be held accountable.

What about the users though? This isn't the 70's and information is readily available about Microsoft's security practices. Why do they do it? Is it like riding a rollercoaster that has a 6 junction split at the end, only 2 of which leads to the egress queue, 3 of which leave you hanging on the top of a hill until you debug the rollercoaster, and the final split has a jump through a fiery ring with no landing zone? I mean come on, they all saw the rollercoaster... They all knew the ramifications of their actions.. What about them?

-B

Re:Seriously? Arrest Microsoft, Inc.

[commodoresloat]

Exactly how do you put a fictitious legal entity in Jail?

Build a fence around the Microsoft Campus. The Great Wall of Redmond.

Re:Seriously? Arrest Microsoft, Inc.

[Sycraft-fu]

Should we likewise lock up the BIND people for their big vunerability that happen a couple years ago? Maybe we should lock them up and every person who ever looked at the source, since they were all also obviously neglegent since they failed to notice it.

Or maybe, just maybe, it is possible for people to look at code and miss something, because it hasn't been tried before, isn't obvious, etc.

Give me a break I can list plenty of OSS applications that have had some doozy security holes discovered. This doesn't mean the developers or those that reviewed the code were neglegent, just that they did not manage to see the problem. It is hard to predict everything that can go wrong when you have, quite literally, an infinite amount of different kinds of bad, unexpected, data that can be sent to your program.

Re:Seriously? Arrest Microsoft, Inc.

[dmaxwell]

Build a fence around the Microsoft Campus. The Great Wall of Redmond.

And when the Mongolians come to tear it down, we'll dump sweet-and-sour pork on their heads.

Re:Seriously? Arrest Microsoft, Inc.

[Darth_Burrito]

A company I once worked for, NCR (National Cash Register), built a moat around their headquarters.

Re:Seriously? Arrest Microsoft, Inc.

[elel]

So who the hell keeps buying their crap?

Companies that don't want to spend a large amount of money on employees, but don't necessarily mind spending astronimcally on license fees for MegaCorpOS. It's easy to sell windows products to suits because they use windows at home. It's not easy to sell OSS solutions because they immediately associate it with Linux which isn't as expensive as commercial unix solutions and therefore bad.

I have noticed that it's much easier to sell people on OSS/Unix backend solutions that don't require any interaction. We're finally moving our MX off of exchange to sendmail. Sendmail on Solaris, but I wasn't here when they made their initial purchasing decisions.

Start charging the folks who deploy Microsoft for negligence.

I don't like using Microsoft anymore than the next devoted Linux fan, kernel changelog reader, and developer, but I did learn something from last week's virus explosion. After we were down all of Monday, I went to my manager and explained that all of this could have been prevented had we actually used some of the features of using Win2k (group policies, etc). He just shook his head and explained that we were told we couldn't push out updates because they may break installed applications. There are, after all, developers using these machines. *groans* We've since made our case to the appropriate people in charge and can now push out all the updates we want. Prior to sobig.f and msblast/welchia the netadmin department sent out copious e-mails, reminded everyone when they saw them, and even went so far as to put pieces of paper with instructions on the doors to break rooms, the office, etc. None of the end-users patched their machines. E-mails were ignored, pieces of paper all over the office warning about the DCOM exploit and instructions for patching were ignored. The problem is slightly larger than "Microsoft Sucks" IMHO.

How many "UNIX System Administrators" do you know that are running around with exploitable desktops/servers at home/work? Who patches everything they have the day that patches are released? Overall laziness is a much larger problem than Microsoft's inability to write a secure or stable product.

Re:Seriously? Arrest Microsoft, Inc.

[Slack3r78]

Except Ralph Nader didn't just attack the automotive industry's real problems. He created problems that didn't exist to gain publicity for his cause. That said, it's important to note Nader wasn't the one who "blew the whistle" on the Pinto. But here's a car that he did:

From 1959 to 1969, GM produced a car under the name of the Chevrolet Corvair. The Corvair was radically different from any other American car produced at the time. It was rear engine and powered by an air-cooled V6. This made it a perfect target for the type of attack Nader wanted to launch. It was different, and therefore, suspect. Now, the way the rear suspension of the car was originally designed, under heavy cornering, the rear wheels could take on a positive camber, which Nader charged GM knew made the car prone to rollovers, yet did nothing about. Serious charges to say the least. Did I mention that GM was not only aware of the "problem" (more on that later) but had fixed it before Nader's book "Unsafe At Any Speed" was released?

To say the least, these were serious charges which outraged the public, and cost GM dearly with negative publicity. But here's the thing - in response to these charges, the National Highway Transportation Agency decided to put both styles of Corvair and a few of its competitors through severe handling tests. Neither the original style Corvair nor the later style with camber compensation showed any handling abnormalities and did not roll in ANY single test. There's a much more detailed bit of information about the whole situation here.

So what you have is Nader using people's fear of the unknown to generate massive publicity at GM's expense with little to no actual evidence on claims which are eventually proven by both the NHTA and an independent panel to be totally false. In fact, in the years since then, Nader has even admitted that the only reason the Corvair was targeted was because GM was the largest automotive manufacturer at the time, not because of any real problems with the car. And this is the reason that while I may agree with some of his ideals, I would absolutely NEVER vote for Ralph Nader. He's no less of a liar than the ones he ridicules.

He did not write MS blaster

[watzinaneihm]

I submitted this story sometime ago, but got rejected. The kid actually did not write the MSBlaster worm, he modified it to make it more potent and released it. story here

Re:He did not write MS blaster

[sacrilicious]

Scene: lockdown time in fed pen.

MSBlaster Author: Hey, why are you guys sneaking into my cell?
Big Burt: To teach you a little lesson. Here in the pen, there are two types we don't like: child molesters and computer virus writers.
(Others): *menacing mutters of assent*
MSBlaster Author: But MY virus attacked Windows systems!
Large Larry: Oh! Hey, that's cool. We thought you were attacking linux. We're very sorry to bother you, we'll be leaving now.

Bragging

[PrImED73]

Perhaps, as some kids are at that age do (not all before you flame me), he had been bragging about it in an irc chat room, had an enemy/concerned chatter catch wind of it and reported it to the feds with logs and IP information.

Why not eh? stranger things have happened at sea.

relevant haiku

[deathcow]

my progeny worm
set loose to exploit your holes
mine left for inmates

Re:relevant haiku

[commodoresloat]

prison rape is not
a laughing matter. I think
you are all sick fucks

Re:relevant haiku

[liquidsin]

geek who goes to jail
gets to learn all about sex.
he's one-up on you!

Re:If

[jheinen]

Didn't download the patch huh?

His defense...

[r00zky]

...I got a virus in my computer and... and... it wrote another itself!

Just remember this

HAX0R!!!

It can take weeks of computer forensics to identify what someone was creating on a computer, so I doubt very much that they're 100% certain this kid is guilty without inspecting his equipment. And last I checked they need proof before assigning guilt (unless Ashcroft's already removed that clause from US law).

Yo, RTFP/RTFA

[RedBear]

Yo, RFTP/RTFA. It says in both the article and the post that the witness saw the person "testing" the virus, not writing it. Which is even more scary in a way. How did the witness know what he was doing? What day was it? Which version is he supposed to have written? Oh, and there has been "no arrest made in this matter yet."

The BBC article contains a bit more info: It says he's suspected of altering the original MSBlast worm into one that would cause more damage.

It also says: "Reports suggest he is likely to be arrested by the end of the day." WTF? They're giving him advance warning?!? Run, boy, RUN!!! LOL.

Vigilante Virus Writer

[Toddimer]

"Instead he is suspected of altering the worm into a variant that did more damage than the original."

Another /. article recently exposed a variation of this virus that actually cleaned up Blaster by automatically patching the "infected" computer, yet caused more trouble than the original in terms of network traffic.

I wonder if this could be the variation they suspect the teen worked on? If so, it could turn into a slippery moral slope for the press to take a stand on either way...

Re:If

[Blikank]

Thank god he's 18 and fully accountable.

no imagenation...

[schappim]

Anyone who's imagenation peaks at nameing one of the most significant viruses of out time as 'MS Blaster' deserves to get caught!

No wonder he got caught

[Xel'Naga]

IIRC, the boy tried to DDOS www.windowsupdate.com, which is not the URL people usually use for windowsupdate.
Makes you wonder what a professional terrorist could do. The worm could have been far more destructive.

It is so obvious that Microsoft wrote this article

[dodell]

Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.

Talk about an advertisement.

Anyway, doesn't it ever occur to the press that Microsoft could actually be doing a better job researching into securifying their products *pre* release? Right now (as everyone knows), they're submitting corporate-level products to corporations, making gazillions of dollars, and ignoring any bugs until someone points them out.

When is somebody going to finally decide to call them on this and force Microsoft to do a security audit? :\

Whoa. Call the NSA. Call the Guiness Book of Rec's

[jabbadabbadoo]

The worlds most intelligent bystander has just been identified.

He's innocent.

[Rogerborg]

Or have we forgotten how the system works?

Alleged writer. Innocent until proven guilty beyond all reasonable doubt.

Based on this report, the evidence so far is one witness of unknown competence. "Testing the infection"? I "tested the infection" yesterday by making sure that AVG can contain Blaster.

Oh, I'm sure that the FBI aren't (quite) dumb enough to announce this without doing some investigation, but the fact that they're announcing it as a fait accompli before they've even made the arrest indicates that this is a PR exercise.

But that's irrelevant speculation, because whatever their or my or your opinion on it, this guy is innocent... pause for breath... until proven guilty beyond all reasonable doubt. Let's drop the tabloid press pack mentality here.

Re:He's innocent.

[Frodrick]

Or have we forgotten how the system works?

Alleged writer. Innocent until proven guilty beyond all reasonable doubt.

That was pre-911. Now it is "You're guilty because we say so. Either plead guilty now or A) be charged with enough trumped-up bullshit to keep you in jail for life, or B) we will just hold you for eternity as a 'material witness'".

Never attribute to conspiracy.....

[TechnoGrl]

....what can just as easily be attributed to stupidity.

I guess this puts a finish to the "spammers are releasing viri into the wild" theories??

Cryptic message

Researchers also discovered another message hidden inside the infection that appeared (emphasis added) to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"

Yup, that's cryptic alright. I'll bet the FBI's first question will be to ask what he meant by that.

can you say PENIS?

[leuk_he]

from the story:

The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that struck two days earlier; experts said its author made few changes, including renaming the infecting-file from "msblast" to an anatomical reference.

can you say "PENIS.EXE" that was the executable name of the variant.

And any bystander seeing some kid playing with "PENIS" might call the police.

How to code this: "RENAME MSBLAST.EXE PENIS.EXE" (and a replace of the strings)

Re:If

[tankdilla]

Would've been kinda funny if the kid was actually a kid, like 12 yrs old or something. The headlines would say:

***World crippled by 12 year old***

Who would've gotten blamed then and what would've been the consequences?

Where's the legal defense fund?

[goldspider]

This kid wasn't doing ANYTHING WRONG!

This is the beauty of OPEN SOURCE!! He got ahold of some code, modified and improved it, and released it back into the public domain! That's how it's SUPPOSED to work!

Think of the outrage that would have been touched off if he kept the modified code for his own use... INFORMATION WANTS TO BE FREE!!!

Where do I send my money? This guy is a HERO, not a CRIMINAL!

Re:If

[davmoo]

Yes, I did. And in fact I did before the virus was even released. Further, I blocked port 135 at my router the day the virus was released. I have never even once had a virus infect any computer I own, even the ones running Microsoft OSes and Outlook/Outlook Express, and I've owned computers since 1980 starting with a TRS-80 Model 1.

Don't assume that because I think the little shits that write viruses should be held accountable for their actions that I am a newbie, a Microsoft fanboy, or a victim. You would be very wrong on all three counts.

If I were to remove the driver side window from my car and replace it with a piece of trash bag, making the car obviously insecure to anyone with more than two brain cells, that still does not give someone the right to damage the interior of my car. Likewise, just because Microsoft peddles insecure garbage does not give some little pimple-faced moron with no social life other than his left hand the right to damage someone's computer.

Re:writing viruses shouldnt be illegal

[Frodrick]

writing viruses shouldnt be illegal

I am pretty sure it isn't illegal. What is illegal is putting it on someone's computer or network without permission, intentionally spreading it (in an active form) or allowing it to spread itself across space one does not own.

Since a virus is nothing more than a computer program, it would be incredibly difficult to make writing one illegal without catching a lot of legitimate software in the same net.

eg - Under a literal interpretation of one of Britain's early "anti-virus/anti-trojan" statutes, Windows 95 would have qualified as a 70 megabyte trojan!

No blame for MS?

[bucketman]

So the writers of these virii certainly are doing a bad thing and certainly are aware of this, but it seems to me that Windows/Outlook/Office ship with a big red button and endless admonitions not to push it. Of the two, the button maker and the button pusher, I know who I find fault with most, but I suspect that the media and most observers are becoming accustomed to these ridiculous risk exposures as somehow inherent in computing and thus tend not to blame the button maker. Think also that this effect has something to do with why these problems never seem to actually get *fixed*.

Re:No blame for MS?

The way I see it, FBI makes a highly publicized arrest, only days after the worms hit, "Justice is Served!! TADA!!! HUZZAH HUZZA!!!" and some stupid kid (Let's face it, how smart were you at 18?) goes to Sing-Sing to toss his cellmate's salad for the next 12 years, while Microsoft, the REAL villains in this tiny psychodrama are not only held NOT accountable for selling the Corporate and Government worlds a phony song and dance about the security of their products and in the end Mr. and Mrs. Joe Public can rest easy in the knowledge that a child will rot in prison for the next decade, while they suck up the next release of Windoze EZ with EVEN MORE security holes and continue to buy the drek that the Internet is a safe mainstream commodity... UNTIL THE NEXT TIME IT HAPPENS AGAIN...

Frankly I'm not sure if the kid deserves jail time or a medal for giving the world a wakeup call.

If an 18 year old script kiddie can bring the world to it's knees overnight, I think that speaks VOLUMES about what's REALLY WRONG with the software industry and the garden path it's leading us all down.

Re:No blame for MS?

[DirkDaring]

I bet you are in the same nut camp that wants to punish the gun makers every time someone goes off the deep and goes on a shooting spree.

That darn insecure Smith & Wesson!

One word:

[Motherfucking+Shit]

Mafiaboy.

Given the age (he was only 15!), and given the media, he was still crucified. There was no sympathy angle, there was no "youngster gets hassled by overzealous feds" angle. He was, as could be expected, generally portrayed as an evil h4x0r who DoSed eTrade, eBay, Yahoo, etc.

No, whomever launched MSBlaster.B is not going to become a media darling, and he damned sure isn't going to win the hearts and minds of Joe Sixpack, whose computer kept rebooting itself due to the various incarnations of MSBlaster.

From a personal standpoint, I think it's sort of shitty that this kid is getting busted for what seems to amount to no more than a bit of hex editing. I'd rather see the FBI investing its resources into tracking down the author of the original MSBlaster (as opposed to a barely-modified variant which didn't propagate widely)... And I'd much rather see them go after whatever assclown is responsible for SoBig.F, of which I've now received more than 6,000 copies at 100KB apiece. That's not to say that they aren't investigating these things, and I hope they find the perps eventually; but I think it's a bad deal that they're going to bust a kid who made a knock-off instead of the guy who started it.

I really don't buy the sympathy angle. The guy allegedly launched a worm variant, he probably bragged about it (another similarity to Mafiaboy), according to MSNBC, the FBI subpoenaed IRC server logs to track him down. Launch a worm and gloat about it to your 31337 buddies, and you get what's coming.

Re:One word:

[delcielo]

"No, whomever launched MSBlaster.B is not going to become a media darling"

And he shouldn't. At 18 he knows the score for breaking the law. He also knows the damage this virus could cause.

People who say he's just a misunderstood child, or that he didn't really cause any harm are kind of kidding themselves. Millions were spent cleaning up this mess, and at 18 he may be childish; but he's not a child.

By all means, keep going after the bigger fish; but don't give this punk a pass just because he's 18. He knew what he was doing, and he knew the consequences. Now let him face them like a responsible adult.

Re:how odd, not the situation here in UK

[SlamMan]

Dude, that was totally incoherent. Go get your coffee, and try again.

Thank you - If I had mod points, you == +1

Folks, I know that "prison rape" jokes sound funny. I know that everyone gets a laugh when someone mentions "federal pound-me-in-the-ass prison." Yes, Office Space was one of the best movies ever made. No, that doesn't make prison rape hilarious.

Imagine if it were you in prison.

I have been incarcerated, and while I wasn't physically accosted (though I don't doubt that it may have happened if I'd been prescribed a longer stay), the sexual humiliation was probably the worst part of the experience. Prisoners have to shower. Together. And the jailors have seemingly no end of dick-jokes.

You have to disrobe before you get into the shower, obviously. You leave your prison garb in a "cubby" type lockeresque rack, and you hope that a) you remember which cubby you put your garb in and b) some joker doesn't forget such and take yours by accident.

After taking your clothes off, you have to pass by several guards before you get into the showers proper. And the guards utter sexually oriented insults to every inmate who walks past. "Hey smallcock." "How come you're so eager to get in the shower with a bunch of naked men?" "I bet all these guys want to have a big orgy!" "Today was grits and eggs for breakfast, but it must be sausage for dinner!" "Look at this, a whole shower full of little dicks!" etc. No, I'm not joking, the jailors really say this shit.

This was humiliating enough. I can't imagine the torture of actual prison rape. It happens, people, and it's very real. The things that go on in jail, most people (who, of course, have never been to jail) would not believe unless they witnessed it themselves. I hope that you don't have to, but at the same time, please have a modicum of respect for those of us who have been there, and those who are still there for whatever reason. I'm not asking you to have sympathy for people who have committed crimes; you do the crime, you do the time. But being a criminal does not mean you deserve sexual assault.

No aspect of prison is funny.

None.

Re:Thank you - If I had mod points, you == +1

[NeMon'ess]

Tim Allen was able to make fun of prison, and he was there. He did not make light of prison rape, but prison can be funny. Anything can be funny to some people. I was infuriated when some asshat posted about driving by a bicyclist and yelling into his ear to make him crash. The comment just wasn't funny because it wasn't phrased into a joke. Despite personally being startled on purpose by passengers driving by me on my bike, I could yet laugh at that were it a joke. Instead it was as funny as "drive by and knock down mail boxes with a bat, its fun!"

Re:Thank you - If I had mod points, you == +1

[Johnny+Mnemonic]

But being a criminal does not mean you deserve sexual assault.

I agree. I believe that this part of prison constitutes cruel and unusual punishment, and I believe that were I to be a prisoner and subjected to rape with a complicit guarding authority, I would sue on those grounds. Maybe that's unrealistic.

However, please have a modicum of respect for those of us who have been there does not help your argument. It is precisely this lack of respect that allows rapes such as you describe, and I think that arguing for respect for convicted criminals will not sway the minds of your audience. Better, I think, to pursue lines of prison rape as being extra-ordinary punishment, not bounded by our system of law.

Re:Thank you - If I had mod points, you == +1

[DataCannibal]

Actually, the amount of jokes about prison rape, SCO "having to bite the pillow", somebody or other getting "bitchslappped", somebody or other being somebody's "ho'", etc etc and fucking cetera, on Slashdot makes me realise that the cliche about the majority of geeks having sexual problems and hangups of some nature are true. You know, typical virgin teenage boys.

Re:Thank you - If I had mod points, you == +1

[LarsWestergren]

Good points.

A relevant link: Stop Prison Rape
http://www.spr.org/

As for the hostile jerks who said you had what was coming to you and deserve no sympathy, I really hope they get to spend a night in jail too. Let's see if they are so quick to condemn people after that.

Re:Thank you - If I had mod points, you == +1

[crawling_chaos]

Do you really feel that the brutalization of minor criminals will do anything more than turn them into brutes? Remember, I'm not talking about lifers, these folks will be released back into society. I don't think that prison should be a stay in a hotel, but allowing the inmates to live in conditions out of The Lord of the Flies doesn't seem to fulfill the purpose of prison in the first place.

It's thinking like this that makes outfits like the Taliban possible. Crime went down in Afghanistan after they assumed control, after all. Do you really want to live in that kind of state?

Re:Thank you - If I had mod points, you == +1

[Zirnike]

"No aspect of prison is funny."

I'm with George Carlin on this one (not a direct quote, haven't listened to the album in a while): 'People keep saying that this isn't funny, or that isn't funny, or that you shouldn't joke about things. Like rape. You shouldn't joke about rape - it isn't funny. Well, anything can be funny. Rape can be funny. For example: Picture Porky Pig raping Elmer Fud. Now that's funny! Why do you think they call him Porky?'

People's sense of humor is completely unrelated to what they think SHOULD be funny. I don't find prison rape to be amusing. I know that we have a 60% misconviction rate for capital offenses, nevermind more minor ones. That isn't the reason I don't think it's funny, though. People DO NOT have control over what they think is funny. Lecturing them isn't going to help.

I find Canadian jokes to be amusing. I have a lot of Canadian friends. The only person I work with with a decent sense of humor is Canadian (and I get a lot of the jokes from him, too). And guess what? My father is over 1/2 Canadian.

All this PC crap has gotta stop. You don't think it's funny, fine. Other people do. That isn't even their choice! Don't get mad at them for it.

Takes two to tango

[steveheath]

I'm not defending the virus writer here, but doesn't it take at least two to cause problems on the scale Blaster and others have? There's the buggy OS or some rubbishy server software or bad IT mgt to blame too. Can anyone say 'scapegoat'? I personally don't think locking up (or whatever) some 18yr old kid will make the net a safer place to be, that comes with good software and mgt.

If I were to defend the virus writer: virii are often very clever and neat pieces of code. They usually show that someone has been wise enough to spot an exploit and demonstrate it. In some cases they only get out by mistake. Surely it's better to know about holes in software than hide from them? Virii practically do software vendors the service of testing their code - perhaps they should even be paid for it?!?!

I like that idea: virii could be seen as an overt way to force closed source software into improving? A kinda predatory unit test :)

He is already under surveillance

[abhikhurana]

According to Seattle Times, The 18-year-old suspect already has been questioned and put under surveillance, and is expected to be in custody by 1:30 p.m. (PST) and will also be charged as an adult

Re:how odd, not the situation here in UK

[GigsVT]

He's sorta right, it's similar here in the US. Anytime you are detained, you are technically under arrest. If you say "Can I leave now" and they say "no", then you are basically under arrest. At that time it's best to not say anything more.

more news

[Molina+the+Bofh]

Redmond, VA: The youngster will be charged by two companies with accusations of reverse engineering. Citing the Digital Millennium Copyright Act (DMCA), Microsoft is accusing him of implementing a piece of code that circunvents patented Microsoft's Windows protection.

Richard Ludwig, attorney for Microsoft, said "My clients believe that the writer of this virus is actively destroying the value of my client's proprietary technology, and demand that this viral activity cease immediately."

Mark Scheise, attorney for SCO, said the teenager violated its intellectual property rights by using SCO code in the virus. He said that each bit from its code was a perfect match with SCO's code. "He was using exactly the same two bits as SCO, just in another sequence". Scheise also added that this was not just a coincidence, and denied any request to disclose wich are the two bits. "I can't tell you wich are these two bits, but I assure you they're the same as thos used by SCO".

Another possibility is that this is FUD.

[skandalfo]

Maybe the FBI is copying SCO's tactics here, probably pushed on by Microsoft too, who are the ones actually responsible and the ones trying to cover their back.

It could be that there isn't any 18 year old programmer, nor any witness either. It may be only a tactic to spread FUD among any potential future virus writers, so that they think "Hey! They've actually caught one virus writer. They could also catch me."

So... my particular conspiracy theory is that there's no one about to be caught, but that this FUD move would serve these purposes:

• Make public oppinion think the FBI isn't helpless when fighting back virus writers (scapegoat for the FBI).
• FUD potential future virus writers out of business, so hopefully reducing the efforts needed by Microsoft and the FBI in the future in this front.
• Taking attention away from the fact that it's Microsoft fault to implement these "please don't hack me" security policies.

7-11

[golgotha007]

i hope he gets to finish his Big Gulp before the feds throw him in the van...

The most likely reason

[JamesP]

is that this guy was caught using telnet/pine to read his mail at home and some other kid saw this "very complicated" screen with no buttons and not even a paper clip to help in this task

So, he's quite obviously 1337 h4x0r...

Re:how odd, not the situation here in UK

[DrSkwid]

At that time it's best to not say anything more.

Especially if you have not been read your rights. Technicalities like that can sometimes get you away scott free, guilty or not.

Usually, however, you are asked at interview if you have been read your rights.

I used to help run arrest awareness workshops. I made a great bastard copper. I've had people crying without much encouragement. If you are involved in any kind of protest group that is likely to brush with the law, practice at hostile interviews is invaluable. When people are scared their mouths tend to flap. They are conditioned by TV to start explaining *why* they committed the "crime". Cops don't care about truth and justice, they care about arrest rates. They want both parties to admit wrong doing and let the CPS/DA decide who to charge.

Can We Finally Consolidate Bumper Stickers?

[syntap]

With "Free Kevin" already on my bumper I'm running out of room... can we just have a "Free Hackerz" or "Free Lamerz" sticker for this one?

Interesting

[Sycraft-fu]

Yet cars seem to still have so many security faults that are known, document, but unfixed. The biggest one is the highspeed collision. Running a car into another object, espically a car moving the the opposite direction, is highly likely to cause a catastrophic failure that often results in serious injury or death. This is a known flaw, it isn't like it is a mystery what happens when cars crash. It is even something that can be fixed to a degree with more durable, race-car style frames and 5/8 point safety harnessess instead of seatbelts.

Now of course this isn't seen as a reason to sue car makers because it is an unintended way of using your car. You aren't SUPPOSED to crash it, and if you are a good driver you won't unless another bad driver hits you. The things that concern people are when cars fail when they do nothing wrong, ie the Firestone tire thing, or when the kind of failure is out of perportion with the mistake, ie low speed collison leads to gas tank explosion.

Well, see, with computer security vunerabilites you are talking about people making unexpected use of your product. They are sending bad data to it, data it isn't designed to accept or work with. Somethimes this causes an unexpected result.

So as far as I'm concerned, the computer world already has BETTER safety than automobiles. People can do all sorts of nasty, unexpected things to my computer, and it will shrug them off as if it were nothing. Any time some problem IS discovered, I am given an update to fix it. This would be like driving around in a car that had unpickable locks, un breakable glass, would not damage you or itself when you hit a wall, etc. Then if it was discovered that, for example, a certian acid could melt your locks and let someone in, they'd send you new locks that were impervious to that.

Now of course software is virtual and so this can be done whereas it can't with a physical thing liek cars, but I'm not seeing any problems here. All security holes come from assholes trying to do things they shouldn't. I gaurentee if you setup a seperate physical trusted network with only users you know to not be hax0rs you will never find a system comprmised, even if they all remaing unpatched. It is only when you connect to the internet and every asshat is free to try and do all sorts of things they shouldn't are you in any danger.

Re:Punishment fit the crime...

[DirkDaring]

Runied more lines than most murderes? Are you kidding me? Do you know the impact of families when a loved one is killed? This was a freaking computer virus. It was fixed with a simple update. Sure, some people lost a day or productivity, some sites were shut down. You saying that missing a day to go to the DOT to get your damn car tags renewed is more damaging than the loss of a human life in a tragic murder shows how stupid you really are. It's no wonder you posted as AC.

Huh huh, he said penis...

Reread the article. They didn't bust the original author. They busted the lamewad that renamed msblast.exe to penis32.exe -- all he did was modify the existing virus.

Granted, the dipshit _touched_ the virus code and released a variant (albeit an extremely unoriginal one)

It was probably about as difficult as hex-editing a file. Gee. 5 minutes of dicking around is going to get him a life long prison ass pounding. Way to go, Genius.

And of course the uninformed media is going to paint the dumb bastard to be THE msblast author. Can anyone say "Scapegoat?"

Re:Huh huh, he said penis...

[Felinoid]

There is also a possability they busted someone who was just discecting blaster not making a new varent.

To a techno neophite there isn't much diffrence. If the guy decompiled the code and his friend looked over his sholder his friend would see someone with the blaster source.
Decompillers aren't so well known now a days so even an experenced programmer who might normally know what he is looking at might not recognise this as decompiler output and not original source code.

He might also not realise you generally can not recompile decompiled code.

Or the busted teen is an idiot who said "Hay watch this. I got blaster. Now I'm chaning it to penis32. Aren't I clever?"

Re:Huh huh, he said penis...

[jrockway]

Or, as my economics teacher says, "they can't really get him for anything". He suggests that they arrest the Microsoft engineers that allowed the flaw to exist.

Think about it this way:

If Blaster wasn't written, there wouldn't have been a Blaster epidemic.
If DCOM was secured by MS engineers, there wouldn't have been a Blaster epidemic.

So the virus author and MS are equally guilty. Take one out and there's no problem. Why is it the penniless virus writer instead of a huge corporation? Makes you think.

Re:Huh huh, he said penis...

[andy+landy]

In all fairness, the MS engineers did notice the flaw over a month before anyone exploited it, and patches have been available. My Windows XP machine here was fine throughout.

Maybe you should take them to court for creating 'del' - I imagine that's erased far more files than any virus ever has!

The problem, as ever, is *how* you use something, and it was the virus writers who abused the system.

Then again, maybe you could blame the millions of people out there who failed to keep their computers patched and updated, but that's another story...

Re:Huh huh, he said penis...

[aastanna]

Not that I want to defend Microsoft, but it's impossible to write a large software project without a few bugs. Yes, Microsoft could do a much better job with their software, but perfection is impossible.

Also, while I sympathize with the sentiment, I feel the logic you use is flawed. For example, a pedistrian gets hit by a drunk driver. If the pedistrian wasn't there he wouldn't have been hit, but it's still the drunk driver's fault.

Re:Huh huh, he said penis...

[$exyNerdie]

Here's that genius's picture - Jeffrey Lee Parson, 18, Minnesota teenager who officials said admitted to making a copycat variant of the devastating Blaster Internet worm.

He looks bald at age 18 !!

Re:A network administrator?

[danheskett]

Nope, thats not how law generally works in this country. If I am walking down the street and see some guy about to kill another guy with a hammer to the head I am under no legal obligation to attempt to dissuade or stop the would be killer. The same principle applies throughout all of American style-law, and I can't think of any exceptions where a person has an affirmative duty to thwart crime or criminals.

LOVE SAN!

[StrawberryFrog]

It is clear what has happened. Young passions don't last. San (Sandra? Sanchez? Sanitarytowel?) has finally cracked and dumped her acne-faced geek-boy in the worst possible way...

Re:A network administrator?

[arkanes]

Not 100% correct - if you saw it happen, and didn't do anything, for example, you didn't call the police, you could be liable in a number of ways. Especially if you were, for example, a security guard in charge of the area. You aren't required to put your own life at risk by physically protecting the stranger but you'd be in danger of criminal prosecution for negligence and certainly civil liability if you were in a position of authority with the ability to prevent a crime and you didn't do so.

Wrong initial reaction...?

[joshsnow]

When I read the piece, my initial reaction was, "They really should arrest Bill Gates". However, on some reflection, I'm not so sure Microsoft is the sole source of all the disruption over these worms.

OK, so the MS software makes worms and virus spreading relatively easy, due to activeX, executable mail attachments and bad security "out of the box" (open ports, exposed services such as RPC etc).

Still, if a motor manufacturer sold a mass market car without locks, windows or an alarm system, would anybody buy it?

The answer is, probably not. There's the issue of personal responsability to obtain a secure car. Same with software. Maybe it's all of those major businesses and misguided "CIOs" who keep buying Microsoft who ought to be arrested. Between them and the Microsoft execs, they've managed to create an environment which makes it easy for these bored young men to create worms.

Poor 18 year old guy. Why should he be arrested? After all, what's a script(kiddie) among friends?

Another version of the Blaster worm

[No2NT]

An the article is not kidding about variants of the blast worm. Two weeks ago we saw heavy destination traffic on port 4444 to random boxen on the internet. It turns out one of my client's linux boxen had been cracked into and a dropper that works just like the blaster virus starting hitting hundreds of outside servers. We tested it in a clean lab and it would infect but not install the worm properly. It was nice that he left source code and all. Makes me wonder just how many variants are still out there?

Here's the some of the source, might look familiar to some of you..... Hope the right person sees this. /*
**
** 2003/07/27 - DCOM RPC WIN32 remote exploit (Most languages)
**
** FlashSky/Benjurry and, H D Moore's code is very excellent.
** It works well even if change only return address.
** I didn't feel necessity for new make.
**
** Thankful to them.
**
** 2003/07/30 - Update, Added magic return address.
**
** kokanin supplied very excellent information:
** URL: http://lists.netsys.com/pipermail/full-disclosure/ 2003-July/012000.html
**
** * As well as Korean thanks to, a lot of systems can exploit.
**
** --
** Thank you.
**
** P.S: Sorry, for my poor english.
**
** --
** exploit by "you dong-hun"(Xpl017Elz), .
** My World: http://x82.i21c.net & http://x82.inetcop.org
*/

#include
#include
#include
#include
#include
#include

u_char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,
0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,

We all know who's really at fault here.

[Penguin2212]

The MSBlast worm was responsible for one of the worst computer security outbreaks of this year.

Where it should read....

Microsoft was responsible for one of the worst computer security outbreaks of this year.

From the BBC article found here

Personally, the media is more focused on promoting the stereotype of the teenage kid who has go nothing better to do that 'hack' computer systems. The emphasis should be on why it was so easy for an amateur was able to write such a destructive program. Bottom line is that Microsoft writes bad software, and people need to know this. Obviously Microsoft isn't 100% responsible for this, but making a media scapegoat isn't going to solve the underlying problem. I don't feel sorry at all for the Maryland Department of Motor Vehicles. They deserved what happened to them, it was only through their own ignorance that it happened. People in today's society want to use computer, bur rarely take the time to learn and understand even the most basic principles of how they work. And what heppens is after that, they expect techies like us to take their shit.

Prison rape

[Boing]

Okay, this will likely be treated as a troll, but I have a little karma to burn. I have issue with the people who are moderating the numerous "haha this guy will get raped in jail" comments as "funny". Prison rape is a serious issue, as much as real-world rape. This kid is eighteen. He did something that pissed off a lot of the world (including most of the people reading slashdot). But, legally or not, he's a damn kid. If you're older than eighteen, how many asswitted things did you do when you were that age? Would you have ever thought that the idea of you getting raped for any of them was acceptable?

I expect the comments in the first place. It's inevitable among any community that has people the likes of the "Frist p0st" and "go to cnn.com [secret link to goatse.cx]" commenters. But the moderation system is in place so that crap like that can get ignored by the people who don't want to hear it.

If you think it's funny, Obviously I can't/won't stop you from moderating it that way. But think about the real issue behind it before you encourage lighthearted humor about rape.

interestingly, The Virus had a GPL licence

[goombah99]

It turns out the virus had been released under a GPL licence. It was open source. The kid made some changes so he was REQUIRED by the GPL to release them.

But you are of course obliged to make a good faith efferot test your software and make sure it does not have simple bugs, compiles and runs before you release it. The kid was obviously just releasing his testing his changes prior to releasing the source as he was required to do under the GPL.

all viruses should be GPL. THen bill gates will really be right.

Prisoner rape is funny, ha ha

[RedBear]

Ha ha, yes, it is quite amusing to be sent to prison for a nonviolent offense (typing on a keyboard, for instance) and subsequently violently raped repeatedly by multiple large black men while the guards stand by and laugh and the prison wardens make no effort to keep it from happening. We will be sure to laugh heartily when you, your brother, father, son, uncle and/or cousins are sentenced to 30 days for some minor offense which they may or may not have committed. We will chuckle about the fact that they have a very good chance of coming home broken and scarred physically and psychologically by their horrifying experiences. Ha ha ha.

Rape is immoral. Rape is inhuman. Rape is cruel and unusual punishment, and we have laws against that. I always find it entertaining how our entire prison establishment feels these laws are unimportant, and our culture thinks that jokes about young, weak, and sometimes innocent people getting forcibly sodomized is a fabulous thing to joke about. Wait, no, I don't find it entertaining. I find it makes me sick to my stomach.

It's also heartening to see every prison rape joke getting a +5, Funny. Thank you, moderators. Great way to get karma. Keep up the good work.

Help Stop Prisoner Rape by not treating it like a joke.

Re:Prisoner rape is funny, ha ha

[ivanmarsh]

Blaster took down transportation systems, among other things, and put many people's lives in danger.

Rape is the least of what he deserves. Try him as a domestic terrorist under the patriot act an make him disappear.

Re:Prisoner rape is funny, ha ha

[pclminion]

Are you a raving lunatic or something? What the hell did the original poster say about prison rape? Am I missing something here? Oh, and nice crack about "large black men."

Folks I think this is a well disguised troll.

MS/Terrorism/18yrold?

[Loconut1389]

I love how microsoft said this was too organized to be just anybody, it had to be terrorism and it turns out to be some 18 year old. I figured it was a 12 year old or something, or maybe a monkey. Its wonderful (sarcastic) that thats all it takes to bring the internet to its knees due to sloppy coding from MS.

More info

[GyroTech]

A quick snippit of info over at The Register seems to hint that the kid did in fact write Blaster-B, not the patching varient (does anyone remeber CodeGreen after CodeRed??).
Seems that he was 'under surveillance', was caught testing the varient, and is going to be charged with writing the varient.

What to do with this kid?

[Capt_Troy]

So what do we do with this stupid kid? In an age when dorking around on your computer can cause millions of dollars in lost revenue (albiet, you probably know if you're about to release a worm), these things are going to happen more and more often.

1) Does this kid need to learn his lession in jail?
No, This kid is young. He's stupid. I'm sure he didn't do this realizing that he'd be headed to jail in a few months (if proven guilty). But what do you do with someone who's broken the law like this? Send him to Microsoft to learn how to fix bugs and become a programmer? Take him to the programmer who was responsible for the bug and tell them that this 18 year old kid made him look like a dumbass? Who knows?

2) Does Microsoft need to fix their insecurities?
This is as much MS's fault as it is anyone elses. I mean, if I bought a car (I hate to bring the whole car analogy thing up again) and someone came along and leaned up on it wrong and it stopped working. I'd be pissed at the manufacturer, not so much the leaner (who is laying on the ground with a bloody nose by now).

Just some thoughts.
T.

Vote on it!

[waynelorentz]

The Houston Chronicle version of the story allows you to vote on who's to blame:
Microsoft, The virus writers, or people who click on attachments.

Come on you anti-MS-types, get clicking!

Re:Vote on it!

[Che+Geuvarra]

The funny thing about the poll is that most of the uneducated feel that it is the virus writer who is the biggest threat. While I agree to that to a certain degree, one cannot not exploit a flawed system. If Microsoft made a decent operating system withough gaping security holes then the virus would have had limited capability. Also If scanning software did not pick it up the they share a bit of blame themselves. And anyon ignorant enough to ignore news, thier IT support staff( of which I am one) then it is primarily thier fault. The thing is we shgould pay the kid for exposing a major flaw in the OS that could be exploited by anyone and since many government agencies run on Windows systems that is extremely dangerous. Say what you want, The kid did people a favour by exposing microsoft for what it is a flawed system, designed to be that way for monetary gain. Che

Not quite

[Maxwell'sSilverLART]

He's innocent....Alleged writer. Innocent until proven guilty beyond all reasonable doubt.

Close. He is to be presumed innocent until proven guilty; the presumption doesn't change whether or not he is actually innocent, it only affects how he is tried.

For example: all those of you sharing MP3s of Metallica's latest: you are guilty of copyright infringement (as defined by statute); however, if (when?) you are picked up on charges, you will be presumed innocent by the court until proven guilty. That presumption does not change the historical fact that you did, indeed, break the law.

/pedantry

Re:how odd, not the situation here in UK

[DrSkwid]

eing an animal-rights ass or just fighting some dumbassed class war?

both

We are a place without wilderness.
Access to every square inch is under control.
Freedom is not just freedom of thought.
Without freedom of movement there is no freedom.

We have a saying, "The trouble with country folk is they lost touch with nature."

Misprison of a felony

[SunPin]

Look it up, amigo. If you know about a felony and you don't report it, you are guilty of cover-up and can serve time for your avoidance of doing the right thing.

You have an amazingly rosy view of how the law works in this country. You must be those law-abiding citizens with nothing to fear that I keep hearing about. When we have laws that will revoke habeas corpus for the bizarre and impossible crime of loitering with space aliens (1982, Department of defense appropriations bill) and the hard-hitting "conspiracy of one", you can and will go down for anything if they want you.

Do you think it's an accident that we have the largest prison population, in absolute and relative terms, in the world?

Re:you are clueless or evil.

[jamezw]

The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?

Yeah, some might say YOU should be more careful for not locking the window... but the REAL criminal still is the burglar that took your stuff! M$ has some serious problems, but that doesn't mean we should lose all of our common sense JUST to attack them some more.

Does M$ software have security issues? Yeah. Should script kiddies be let off easy because they take advantage of these problems? No. They are no better than the burglar that entered your unlocked window!

We need to start making people take responsibility for their own ACTIONS and quit blaming others. It's like blaming a door-lock manufacturer because someone can pick the lock! There will always be people that take UNLAWFUL advantage of real or perceived situations. That doesn't mean they are any less to blame for their actions.

Prisoner rape is IRRELEVANT. . . .

[Salgak1]

The fact that the crime was PHYSICALLY non-violent is irrelevant. Distributing a virus causes destruction of virtual structures and physically important data. It may have been a non-violent offense, but it WAS a destructive offense, eating up God only knows how much in manpower, lost data, and wasted time.

As far as prisoner rape goes, it's a crime of violence, every feminist tells us so. If J.Random Virus Hacker goes to jail and gets raped, he/she reports the crime. The Authorities then have their job to do. . . if they don't do it, I'm sure they'd enjoy a spell in jail themselves.

On the other hand, nobody ever said prison was supposed to be all Tea and Crumpets, either: it's punishment for crimes committed and convicted. . .

Re:Prisoner rape is IRRELEVANT. . . .

[arkane1234]

On the other hand, nobody ever said prison was supposed to be all Tea and Crumpets, either: it's punishment for crimes committed and convicted. .

The punishment is incarceration, it is NOT sodomy. I have never heard a judge say in his/her verdict, "and I convict the defendant to 5 years of incarceration, with the occasional guy holding him down and taking him anally". NO. It's against the law. Just because it's prison, it doesn't mean it's alright to break laws. Gee, if that's the case, you could slip small boys into the prison for the whole yard to have a little fun with, jesus.

So you feel better now?

[miradu2000]

IS it really worth ruining a persons life, if he is found guilty, just becuase you as a sys admin had to deal with an inconvience. Windows update didn't go down, maybe some of your time was spent dealing with it, but that is YOUR JOB. And if your network isn't up to date with updates, IMHO, it's your damn fault.

Sadly he'l be the scaegoat while all the network admins, microsoft etc gets to go free. I just don't think that any punishment they give him will fit the crime... Personally i think he just needs to do some community service, what he did was wrong, but nothing truely bad.

Re:you are clueless or evil.

[BrokenHalo]

Exemplery[sic] justice is not justice

No. There's another word for it: lynching.

Re:you are clueless or evil.

[ipxodi]

The real bag guys in this whole thing are the ones with all the money in Redmond. It's their crap that's broken by design.

What a moronic statement - spoken like a true 14 year old.. If someone is driving a Corvette at 120 mph in downtown NYC and kills a pedestrian, is it Chevy's fault for making a car that goes that fast? Of course not.
Granted MS could do a better job of securing their OS's. But just because you CAN write a virus doesn't mean you SHOULD. There's some personal responsibility that we all need to take.

Belittling ourselves

[phorm]

Actually, considering the self-deprecating humour on slashdot, I wouldn't read too much into it. How many of us have joked about "slashdot readers being virgins." Mainly because we have a large geeky population, and many (but not all) of said geeky population lack the social skills to properly interface with members of the same gender, let alone the opposite sex.

The virgin isn't really a reference to sexual activity per-se, so much as it is a reference to the fact that somebody with so much a lack of a "life" probably is very likely sitting in front of a PC 24/7 and not meeting women.

Actually, sounds a lot like me in High School. Except that I didn't write viruses (custom backdoors to deal with people in the lab I didn't like, yes, but the teachers knew and found it amusing), and I now do have a social/sex life in addition to geeky pursuits.

Of course... another trademark of my geekdom is that said social life usually falls on the backburner whenever the newest Final Fantasy or RPG comes out... luckily the g/f is into 'em too (though I haven't gotten her on Warcraft/Starcraft or FPS yet).

Re:Belittling ourselves

[TheAncientHacker]

I've generally found that people making fun of "18 year old virgins" are, themselves, 20+ year old virgins.

Re:writing viruses shouldnt be illegal

[haeger]

Let's play "What if..."

What if I write a virus for my own education. I simply want to know if I can.

What if it accidentally infected my own computer.

It's not illegal to write viruses/worms/trojans and its not illegal to get infected, now what? I suspect one could get arrested for negligence(sp?), but really, what would happen in that situation?

Writing code should never be illegal IMHO. Just like making a hammer or a gun shouldn't be illegal. Using that code/hammer/gun to commit a crime should be illegal. Being clumsy is somewhat illegal already isn't it?

.haeger

There comes the question

[phorm]

Who would understand he was actually writing a virus? Well, perhaps a fellow coder, a hacker, a classmate?

But then that brings the question: such individuals are usually fairly close-knit. If you're around the dude long enough to realize his code is a blaster-variant, and he is somewhat of a friend, or good associate, would you turn him in? How many geeks would?

It's a hard decision, especially with a decent chance that with the current upset over said viruses even a script-kiddy variant-writer is going to get lynched after being caught. It'd make him/her a good example for other would-be virus writers, but would you do it to somebody you know?

Of course, many such geeks are vain. It could have been somebody declaring, "you think blaster was bad... wait until you see the badass variant I'm writing. I'm going to 0WZ0R J00"...

Bill Gates taunt in worm.

[RoadWarriorX]

Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"

Gee, maybe we should take his message more seriously. Maybe the author of the worm is correct in some aspects. Some say that Microsoft is solely to blame for this. I'd say it is not 100% correct. There is a shared blame for the security problems:

1. Microsoft, like many other companies, always preferred to have features and ease-of-use over security. To be fair, Microsoft and it's security initiatives have been somewhat successful, the preference still remains. The security problems still will continue.
2. The U.S. Government, specifically the Federal Trade Commission. They has continually ignored the fact that security problems in Microsoft software has costed the government, businesses and individuals billons of dollars combined over the years. We see that monetary quantification all of the time, however, the always forget the real impact of individuals. These security problems do affect the daily life of individuals, from deleted homework assignments to identity theft.
3. The Mass Market. This is because the mass-market of computer users want simplicity because they are not willing to take the time to learn about it's implications. They are technologically challenged. So, the mass-market users are mostly willing to sacrifice their security and privacy in order to have this simplicity. If they still continue to use products knowing that their time, their identity, their money and their life might be affected by the use of these products, then I do not feel sorry for them at all. They've made their consumer choices, let them learn from their mistakes.

--
No memory available for sig. Please reboot now.

Why Prison?

[merky1]

It seems that everyone here is focused on putting this guy in prison. I really can't justify putting someone who wrote a virus in prison while CEOs who have stole billions roam free.

Not to mention, there were two components to this problem. People need to stand up and take some responsibility when thier machines get infected. Personal firewalls and anti-virus have become common place, so I don't take that as an excuse.

Yes, the kid should get some probation, possibly some community service managing / repairing systems for underprivelaged folks. But then that would depend on the legal system being motivated by rehabilitation and not retribution.

Yawn, Yawn, Yawn

[Shivetya]

I see the same old tired crap "excuse" is alive and present.

Repeat the mantra. If its bad for Microsoft, can be blamed on Microsoft, or through sleight of fact be pinned on Microsoft

IT MUST BE GOOD FOR LINUX!

A crime is a crime. Just because they catch only a few looters during a riot doesn't mean they should go easy on them. Sorry, going easy just because he is not the only guilty party is stupid.

I guess that if you only kill one person its fair to get 7 years, but if you kill many you life (or death)... unless they were really bad people???

Logic like yours is what makes this community look bad.

I love /.'ers

[lordDogma]

Reading slashdot reminds me of being in high school. What passes for intellectual thought and sound logic around here is truly amazing.

/.'er: Um, gee whiz guys, by my calculation, Bill Gates should go to prison. He is at fault for the damage caused by MSBlaster because of the bugs in his software. The 18 year old kid is just a scapegoat like Kevin Mitnick.

Me: By that logic, the CEO of Honda and about a half other dozen car companies should go to jail for failing to make their cars more difficult to steal. And of course the guy who steals the car is just a scapegoat who we should actually be thanking for forcing car companies to install better locks.

/.'er: Um, gee whiz, according to the approximation I gathered from my latest regression analysis using 84-bit fixed point math and my weighted neural network Beowulf Cluster, that is correct.

Me: I see. And if someone breaks into your house by smashing a window, then the window manufacturer should be put in prison for failing to make the glass bullet-proof. And if the criminal walks off with your new TV then Sony should be sued because the TV didn't come with a chain and padlock. Well, now that we know what your computer thinks about all of this, have you tried applying some common sense to the issue?

Blame everyone except the criminal. How Juvenile. How Slashdotish.

-- LD

Re:Generalizations about black men are funny ha ha

[Henry+V+.009]

Actually, prison rape is a very racial thing. He was completely right to point out that it would almost certainly be large black men doing the raping. You see, the black gangs, and the Hispanic gangs, do not let anybody (else) touch members of their own race. The whites fail to form such gangs, and are victimized. Often the youngest white males, usually in for some sort of first time drug offence, are in the most danger. Check out the article Hard Time by Jared Taylor.

Scapegoat?

[Attaturk]

Apart from the obvious "innocent until proven guilty" matter, how about we don't publicly hang some kid for tweaking a virus until we've found the real author and proved his/her guilt.

Its MSBlaster NOT Blaster

[Mooncaller]

Stop propagating the MS spin. Just because MS has convinced the mainstream media and the Anti-virus software houses ( whos entire buisness is dependent on MS) to change the name does not mean everyone needs to do the same. The only true name for the virus is MSBlaster.

SUS people

[rabtech]

I highly suggest that ANYONE dealing with Microsoft products go setup SUS right now. (Software Update Services). It's a server that runs on the local network and pushes updates out to all Win2K/XP clients. Microsoft has not been idle and has actively been releasing new tools (Urlscan, Baseline Security Analyzer, SUS, etc)

1. Install SUS on one of your servers. Let it sync its updates, then log in and approve whatever updates you want to go out. Also set it up to automatically grab new updates from Microsoft every night.

2. In Active Directory, create a new group policy applied to the container that has all of your machines in it, or even to the entire enterprise. In this policy, add the Sus client MSI file to the software push (assign it).

3. Download the SUS ADM file, and import it in the group policy editor snapin. You will now see a new item under System Components - Windows Update. Select it, and set your options.... what server to go to, whether to install without user intervention (like every night at 3:00 am), and so on.

There are (free) log analyzers that will scan the log files and stuff the data into a SQL database, then produce a report from it detailing what machines installed what patches, what patches failed, and so on.

There really is no excuse. Once you do this, the ONLY thing you need to do is login to SusAdmin and approve updates from time to time (or use the hack to make it approve updates automatically every time they arrive.) This makes it a painless, easy, and foolproof process to patch all the Win2K/XP machines on your network.

Mod parent down: Racist link to important material

[naNoox]

While I initially found the article linked to be interesting (and appalling), I grew uncomfortable with what appeared to be a racist bent to the editorializing in the article.

A Google search turns up the fact that Jared Taylor is considered "America's most dangerous racist." The rest of the American Renaissance site is full of erudite but clearly racist commentary.

Yes, prison rape is appalling, but a better link for reference on the topic is this one for the original book on the subject, rather than a racist's view of the material.

Media-blitz acomming FBI are heros (NOT)

[gone.fishing]

On tonight's TV news and in tomorrows newspapers we will see and hear headlines that tell us that the blaster author has been caught and that he faces a lengthy prison sentence. This is what most people will hear and understand. The few who dig deeper will learn that this kid took the worm and created a variant of it.

What the kid allegidly did is wrong, if he did it, he deserves to be arrested, arraigned and go through the process and ultimately be punnished.

I smell a smoke screen here. It seems to me like the FBI is making this arrest and getting the publicity here for their own purposes. By making an arrest and getting publicity, they are doing something for themselves. People will think the FBI actually caught the guy that did it. That isn't true. They caught a stupid individual who took the code, changed it, and re-released it.

Now that the pressure is off, I doubt that the FBI will be able to afford many resources to keep hunting down the original author. They will keep some people on the case but the reality is that they will task most of the agents to other higher priority things now that this is going to the back burner.

To me, the FBI has achieved their goal - to divert publicity away from themselves but, they have not achieved justice which is what I would expect of them.

Stop Crying!!

[puppetier]

Connect to the internet at your own risk! A virus is simple a service provided you choose to accept. Sure there's no fancy dialog that ask you if you want to get infected but just by connecting to the internet and knownly running insecure software you are agreeing to anything that can happen to you. The internet is free ground, you can't govern it and no laws apply, i'm sorry to break it to you but you can't whine about what has happened here, it's your fault for connecting to the internet and knownly using insecure software. If you don't want a virus, shutdown, seriously. So stop blaming the author. He/She can only be liable for infections that he/she directly physically applied, all the rest is the fault of those that chose to accept it.

if you don't understand how the author isn't liable, it works like this.

The internet is Free ground, no laws, no government, anything goes. The virus author infects a computer, then the computer sends it out to the internet. Right there is where the liablity ends for the author. Because now it's up to an other computer to accept whats coming. Unless the author physically puts the virus in the computer through none 'internet' means then they can't be liable. It was the computer's choice to accpect what was coming from the internet, and so it's liable, but since a computer can't be liable and you are liable for your own computer then you are liable for getting infected, and infecting other computers that are connected through any law governed medium, anything except the internet. Again, your now infected computer sends the infection out through the internet, there now your liablity ends, you aren't liable for those infections. And it keeps going on. So it boils down to that everyone that got infected is equally liable as the author or more, because once that virus goes through the internet all liablity for it is dropped because no laws can apply to it. Think about it. It's comparible to open waters, or something that happens out in space or on another planet.

Re:Stop Crying!!

[lordDogma]

Ah, I see. So an arsonist who burns down 5000 acres of forest can only be held liable for the first tree that he sets on fire. It isn't the arsonist's fault that all of the other trees are so flamable that they caught fire due to a little wind!

That's right - blame the trees!

Let me guess - you're one of those people who think that the "root cause" of terrorism is poverty and hopelessness.

-- LD

Re:No sympathy for companies that were hosed...

[Cheech+Wizard]

So - if I break into your house and burglarize it, the police should simply tell you that you had the 'freedom' to better protect yourself' and the police should not get involved. Heck - They'd be saving you from yourself if they did.

Similar crimes

[DaveJay]

Let's view the original virus writer as the bank robber who masterminded a great vault robbery that entailed tunneling under the streets of Paris over the course of several weeks, and got away scot-free.

Let's then view the person they caught as someone who stumbled across the tunnels after the original bank robber got away, and used the tunnels to get into the vault and grab a few pieces the original bank robber left behind.

At this point, we can easily drum up sympathy for the second bank robber because his was a crime of opportunity -- he would never have gotten into the vault/released the virus if someone else hadn't already broken into the vault/written the virus first. We can also easily feel that his prosecution is unjust, as the "real" bank robber (who did far more harm) got away. So all of you who might feel that way, your feelings are reasonable and understandable. I had them at first, too.

They're also misguided, because his actions DID cause harm, and he did make a conscious decision to take the opportunity that presented itself. Your feelings would be better spent on someone who did no actual harm, and was instead being framed for a crime they did not commit.

Now, if the prosecutors in this case try and convict this person for writing the ORIGINAL virus, THEN it might be reasonable to have those feelings again. It would be akin to the second bank robber being blamed not for picking up scraps, but for the tunnels and major robbery that he didn't commit. In a way, he's being framed for a LARGER crime than he committed.

Then again, how do we know he didn't commit the larger crime? He could always just be claiming to be someone who found the tunnels afterward/renamed someone else's virus and sent it out. We can't be sure, and until someone else comes along as a suspect, most people would probably assume he was responsible for the whole thing.

Whew. Long post.

The lesson is this: don't be foolish enough to commit a crime of opportunity, lest you be charged with an enormity of crimes perpetrated by others who had the same opportunity -- or made the opportunity in the first place.

Here's the google cache of his website

[core+plexus]

Here's his page, which I see says its powered by trend micro.

-cp-