Sasser Author Under Arrest, Say German Police
Apogee writes "A number of German news websites, like n-tv, or the German Yahoo news site (courtesy of the German press agency, lending this some credibility) (web sites in German) report that the programmer of the Sasser worm has been arrested by German police. The Sasser author is an 18-year-old man who was arrested on Friday in Rotenburg, Germany.
With the Sasser worm being the latest among worms that spread like wildfire among unpatched Windows boxes, and apparently also caused serious computer outages and cost to the economy, how will this be transformed into an indictment?"
Update: 05/08 18:41 GMT by T : SexySas writes "As the German news site heise reports, the 18-year-old author of Sasser is responsible for Netsky, too. The German police is talking about 'a milestone in war against cybercrime'."
they shoulda waited until MS announced a reward for it first!
How can one make sure he was not framed?
Also what international terrorist law is he going to be tortured for?
http://www.channelnewsasia.com/stories/afp_world/view/83848/1/.html
The motives of the alleged Sasser author were still unclear, but Der Spiegel suggested the teen may have wanted to drum up business for his mother, who owns a company offering assistance to computer owners.
they were also arrested on Friday.
This is such a troll. There were worms that took down the Internet long before Bill Gates even knew wtf TCP/IP was. The sendmail worm didn't need Windows to effectively shut down most communications on the ARPANET, and Morris didn't use VBSCRIPT to write the worm.
Bottom line is that irresponsible writing of worms and viruses is a crime of indiscrimination and chaos, and deserves to be punished as such.
Here is Reuters' take on this and the news release at Biz Ink.
How did they find this guy? Was it that he was bragging like in the former MS worm cases, or was there a "higher technological power" involved?
Score: Pandering Karma Whore -5
find it ironic that an ad for Microsoft security services accompanies this story?
There is no reasonable defense against an idiot with an agenda
:wq
IF that person is found to be guilty (Remember kids, innocent until proven guilty!) then that person will be solely held responsible for all damages Sasser has caused, is causing and will cause in the future.
Hate me!
How, exactly, is he any more liable than the millions who run insecure, unpatched machines? It is the end user's responsibility to keep their machines secure. If you leave the doors to your house open, and a large neon sign over the threshold saying 'WELCOME', you'll be *damned* lucky if your insurer would pay up. If he hadn't exploited it, someone else would have, and the result would have been the same.
The responsibility lies with Microsoft, for creating shite software, with inherent vulnerabilities, and with the users, for not bothering to have any kind of protection.
Was just about to submit this story. I see my links are different, so you may find them useful too (they are in English):
An 18 year old has been arrested in Germany, suspected of being the creator of the Sasser worm, as reported by Yahoo news and many others. Sophos believes he may also be the author of Netsky.
Granted, I'm no Microsoft lover, but I'm also kind of against punks like this guy... he has probably cost me almost $500 since this worm started in my PERSONAL services to my friends and family in order to get this all cleared up..
As for MS, they should be considered just as guilty, with such a large corporate juggernaut they have, they should be able to look for these vulnerabilities early, and maybe go through some more extensive testing.. or at the VERY LEAST spend a million or so and tell the public they messed up, and how to fix it... (run Windows Update) at least this way, you have an educated public... ignorance is NOT strength.
WARNING: This sig does not contain a joke
Anyone else get the feeling that this worm, was either a test, or a big mistake, someone wrote it (most prob this guy) and not believing that it would work (like T33kid with blaster) set it free, or set it free in a closed network, not realising the effect that it would have? Still, just shows the problems with the world today.
- http://www.milkme.co.uk
Grow up.
In other countries? He did damage in more than one country, but with the tangled web of extradition treaties etc, how will other countries deal with his arrest? Will they demand justice?
I guess the fact that he was in Germany, a country with a modern justice system and extradition treaties, will help. They have had a hell of a time in the past getting police in places like Russia and the Philippines to co-operate.
Just another interesting adventure in the globalized, internet-driven world I guess.
See here in German and the Google translation. Officials say, there is no connection. Well ...
* Smile. People will wonder what you think. *
Excellent, hopefully they can ask him a simple question and we can put another argument to rest - Was he aware of the exploit from his own hacking, or being told about it by someone, or did he just read the exploit advisory from Microsoft when they released the patch?
Realistically odds have to favour just reading the advisory, but there have been plenty of claims to the contrary.
The next question is, will any media actually bother to find out and publish the answer to that question. I'm guessing "absolutely no chance in hell".
Jedidiah.
Craft Beer Programming T-shirts
Two possibilities as I see them. First the kid was stupid enough to write and release the worm from his own machine leaving behind traces or was not careful enough hiding his tracks. Second, the kid's machine was hacked and used to hide the real creator of the worm while releasing the worm. I haven't RTA but I think these two conclusions are logical.
Does it go on forever?
The article also referred to Der Spiegel
As reported in Der Spiegel
ah, mod points
Make him explain to my mother what a worm is, what he made it, and how to enable a firewall. That'd be punishment enough.
Read reviews of shopping cart software
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
The Sasser author is an 18 year old man who was arrested on Friday in Rotenburg, Germany.
There is no such thing as an 18 year old man. Only somewhat a slashdot would think such a thing. This is clearly an attempt to get someone to trip up and admit to it. It is a trap people, don't believe it!
I hear this on BBC Radio news. A quick search of the BBC website gave me this link.
I also noticed this story from a while back, entitled "Hunt is on for Sasser worm writer".
(You've gotta love the BBC's use of Stock Graphics! :D)
- Jax
A program exploits the extremely poor security track record of Microsoft products to spread itself. In my eyes, the provider of the broken software (=Microsoft) is just as much guilty as the person who made the self-disseminating program.
But history has shown that Microsoft cannot be sued while expecting to win. It's too big. In other words, Microsoft is above the law.
Didn't the creator of the Melissa virus get his sentence removed in exchange for helping the government with security stuff?
If so, the same thing could happen to this guy with the German government.
Vonal Declosion
We've got a few (3?) Rothenburgs in Germany. The one Americans probably know the best is Rothenburg ob der Tauber. :-)
Rothenburg a. d. Wümme is not the medival postcard town, it's just a small boring northern German town.
BTW: Wümme and Tauber are both rivers. German cities with same names often differentiate themselves by the rivers they lie at.
We suffer more in our imagination than in reality. - Seneca
Oh, by the way: after admitting the crime, he has been set free for now. Quote: "Keine Verdunkelungsgefahr" (Unlikely to disappear from the hands of police). See the Heise.de news item (German, use Babelfish and the like to translate).
not really an important one, but still.
Sasser broke a new record in the time it took to find the worm, from the time the hole on which the worm was based was issued a public patch. Now that we, allegedly, have the worm's author, we can ask him whether it was rev-enged from the patch, or whether he had prior knowledge of the hole.
Shachar
P.S.
I would wager the former, but still interesting to get an authoritative answer.
> And writing intentionally crappy operating systems isn't? Ask yourself: what would happen if they wrote something that was *perfect*?
Someone would complain the default colour scheme was crap.
However I am basing this on that fact he is 18 and on the assumption that he fits a profile of some kid who doesn't have many friends and needs attention. I'm not saying I'm right, just my take as you'd be amazed on how many criminals get caught simply on the inability to keep their mouths shut.
Much as I'm pissed off with Microsoft for putting out software with so many holes, I think virus writers still have a lot to answer for.
I reckon he should get 10 minutes of prison time for every machine his trojan infected, since this is the time it probably takes someone on average to clean up the mess.
1,000,000 * 10 minutes = 166,667 hours = 6944 days = 19 years.
Seems fair to me, anyways...
Sure, these worms did cause a lot of inconvenience and downtime and such. But a (probably unintended) benefit of their outbreaks was that many vulnerable machines are now actually patched. Without these worms, if you hit a random 2K/XP machine on the net, there is a very good chance that you can take over the machine through either DCOM or LSASS (port 135 and 445 IIRC). Essentially, everyone can gain access to millions of machines, and the owners would probably be totally unaware. I'm not trying to defend the worm writer, but we all know that millions of people simply wouldn't patch until the machines keep rebooting every few minutes.
My wife is forced to use XP at work. Her computer is set to auto-update, is firewalled, and has two up to date virus scanners. Despite taking all recommended precautions, her computer got sassered. Does anyone care to explain how she is in any way responsible?
Serial Meta Moderator
> That you expect perfection only goes to show that you are an American.
I -- Am -- Canadian!
> There is no such thing as a perfect system, in any engineering discipline.
By perfect, I meant: without bugs. I wasn't talking about features. Sorry for the confusion.
The dangers of knowledge trigger emotional distress in human beings.
I'm sorry, but any virus or worm writer that gets busted is just plain stupid. It's so simple to NOT get caught:
Step 1: Write virus/worm without your name, initials, alias, or any other identifying info.
Step 2: Release your virus/worm from an internet cafe, preferably one far from home, even a different city or country.
Step 3: Keep your mouth shut!!!
I mean, how hard can it be to avoid getting caught? I think most of these morons have the most trouble with steps 1 & 3, even if they're smart enough to manage step 2.
They would be what is commonly called "God". Nothing is perfect.
...I think he should be locked in a padded cell with a 486-SX and a copy of Windows v3.1 for company, I'd sooner have my left nut crushed in a vice rather than face that
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
If it becomes that easy, and people don't get caught, then governments will have to react. Government might force an identification system where there will be no anonymity. They might have closed networks, where countries that don't agree with us are shut out. 1984 is going to happen because of these people. And government will use it as a legitimate reason to take away freedom from the rest of us. The .0001% of people who are anti-social criminals are going to cause the other 99% of us to lose freedom. That is why they should be punished harshly when they get caught.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
hmmm...dump M$...go the GNU way but is any system really safe ?? Check out this news link ::
http://story.news.yahoo.com/news?tmpl=story&ncid=1817&e=9&u=/zd/20040506/tc_zd/126378&sid=96120751
~~~~~ rudga ~~~~~
how some of these so-called "genius" worm authors always manage to get busted. If any of them had a brain in their head and assuming they're not bed-ridden, they would stop being so headstrong and arrogant, and release the worm from an internet café. They could even wear a disguise, dye/cut their hair, or walk funny just in case the place had surveillance cameras about. It just seems to me that it would be so simple not to get caught at all.
The opportunity to do the crime does not lessen the culpability of the criminal.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
> My wife is forced to use XP at work. Her computer is set to auto-update, is firewalled, and has two up to date virus scanners. Despite taking all recommended precautions, her computer got sassered. Does anyone care to explain how she is in any way responsible?
;) How could it get through the firewall ?
She isn't, but my comment was about the trolling post at the top. Her network admins are
He should be punished to the maximum extent permitted by law - I don't care under which law. People who can't respect computers should not be allowed to (ab)use them. If he screws up his computer, it's his problem. But the moment he screws up boxes over internet, he's got to be punished hard. The punishment should be harsh so that no other individual will ever attempt to write a virus. Microsoft users are already suffering with poor quality, tech-support and other stuff, guess they don't need viruses.
Slashdotters blaming someone other than Billy G or Stevie B for bad things.
In other news, Osama Bin Laden renounces Islam and donates his fortune to the James Randi organisation.
According to one of thousands of corollaries to Murphy's Law, a spelling correction on the net is guaranteed to contain at least one spelling mistake as well.
:-)
Of course, it's not "medival" but "medieval"..
Hardly likely to have happened, since according to the Yahoo! Germany newswire, Microsoft gave the vital hint to the German police that led to the arrest. Which makes you wonder whether they scanned their Apache..erm..IIS server logfiles to see who was reading about certain security alerts.
...but this man is the suspected author of the worm. The authorities haven't released his identity, nor how they arrived at the determination that he is the author.
Btw, here's an English version of the story.
Whoa!
I agree that worm writers are scum. They shouldn't be excused because someone else left a vulnerability for them to exploit.
But, especially at this point, I DO think that Microsoft deserves some blame too. SASSER follows in the wake of SQL Slammer and MSBlaster, arguably 2 of the most damaging buffer overflow exploits in many years. IIS has been repeatedly compromised by buffer overrun problems since its initial release.
It isn't hard to code an automated test for buffer overrun vulnerabilities. I have done it myself for embedded designs that I have done with TCP/IP capabilities. Admittedly, it was a much simpler task for my circumstances since my products support a very limited subset of TCP/IP, but then I don't have a legion of programmers at my disposal either.
Here's my point: given that you had a product that had suffered buffer overrun problems for years, wouldn't you test specifically for buffer overrun problems before release? Maybe I would give NT and Win 2000 problems a pass but Win2k3 and XP were both released after a long history of buffer overrun problems. Why didn't Microsoft test specifically for buffer overrun problems before releasing them?
And I hope we will not get the society that you want.
:w!q
That's your definition of Perfect.
....
My definition of perfect means I can plug in my new USB scanner and have it work immediately. I can goto a website and see those new SVG images, I can
All this "functionality" that is second thought to whiny little bitches like you *IS* what gives operating systems their complexity.
Not to mention keeping compatibility with so many years of prior operating systems. I'm sure if WinXP wouldn't run Win95/98/ME [heck even Win3.11] applications there would be a huge outcry of how evil MSFT is for limiting compatibility.
So basically people want a bloated featureful operating system and then expect it to be perfect.
Admittedly a lot of the bloat is self-induced by Microsoft subscribing to any new system [.NET, C#, ASP, etc...] just to sell more product. Why people go beyond the win32api in plain C is a mystery to me. GUI coding really ought to account for a minimum of the time not maximum...
Tom
Someday, I'll have a real sig.
If an 18 year old kid can write a small piece of code which can lament and tremble a large part of our society, who should we blame?
Robert
No details on how they caught him? Sounds fishy... Catching a virus writer has been proven as one of the most difficult things to do. I bet they just found some kid talking shit in a BBS, traced his IP, and nabbed his ass.
But you never know...
"Instant gratification takes too long." - Carrie Fisher
> All this "functionality" that is second thought to whiny little bitches like you *IS* what gives operating systems their complexity.
That's not what I meant. I mean that if you have bug-free systems, you can easily add features that are bug-free as well. Microsoft's problem is that they don't care. Why should they? They have never been financially forced to care.
The dangers of knowledge trigger emotional distress in human beings.
He's liable because he committed the criminal act that harmed others. Absent that, no damage and no crime. It may be unwise to run an insecure PC, but it isn't illegal.
Using your logic, we might as well arrest victims of drive-by-shootings for providing targets.
-- Slashdot: When Public Access TV Says "No"
"Microsoft signs security pact with Germany" http://news.com.com/2100-7343-5204643.html
That was on May 4th... Today THEY GOT HIM. That's quite a remarkable effort from the Private Secret Police of Microsoft.
Robert
Now tell me how they are supposed to download the M$ patches necessary.
Simply go here, give them your name and address, and the nice people at Microsoft will send you a CD with all of the current OS patches. Free of charge.
You do remember what snailmail is, right?
He's still in school. The German school system runs a little later than most others. The headline on www.tagesschau.de reads Schueler soll "Sasser" entwickelt haben, which translates as "School student suspected of developing Sasser".
Karma: Nonnegative
Someday, after the revolution, this will be remembered as something we should have taken more seriously...
The original
And have you ever seen a single, functional piece of software without bugs?
He should have to pay for the time that was spent cleaning up his worm from all the machines. Alternatively perhaps he can do an hour in pound-me-in-the-ass federal prison for every hour spent getting rid of his creation. Even better, since Micro$oft with their lax security policies contributed to the spread of the worm, they should pay a $1000 for every hour spent cleaning the worm or send the windows developers in the same pound-me-in-the-ass federal prison.
Independently many functions are bug free. It's their *interaction* that can cause bugs.
Besides, if you think MSFT is so bad look up "kernel vulnerabilities" in Google. MSFT is not the only company/group that produces code with bugs in it.
Tom
Someday, I'll have a real sig.
So what, that doesn't mean that he is guilty in the official meaning of the word. He was arrested yesterday, with the help of all kinds of specialists, some of them work for Microsoft.
It's standard procedure for the police to work with external specialists.
The idiot who wrote that worm was released later that day and his trial will be in a couple of months where all kinds of evidence is used to see if he is guilty or not.
Yes, most likely the statements of said specialists will be heard by the judge but what you are trying to imply is just pure bullshit.
You know, it was a worm written for a Microsoft OS. I can hardly imagine a better source for information for the police.
Hendrik
Yeah, like write a truly terrible virus which will disable a hundred times as many systems.
Since when is identifying a criminal an attack?
http://news.bbc.co.uk/1/hi/technology/3687583.stm
"According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it."
The 18 year old kid, (his name is Sven?) really hit Microsoft windows at its weakest sweetspot: Federal ordered builtin hookups for "remote security management" and other "activities" as e.g. Spyware.
Robert
"These comments make you no better a person than the worm writer."
Apparently you have very poor comprehension and discrimination abilities. Making comments, regardless of how vile, does not in any way equal actually *DOING* something to harm others.
"...only when we recognize the futility of violence..."
Yep. Criminals first. *Then* you can carp on the rest.
If he is old enough to vote, drink, and serve in the military, I fail to see why you can't call him a man. Just because the US like to keep part of their population immature, I fail to see why it would be true for the rest of the world.
Je ne parle pas francais.
So, even the Slashdot editors don't RTFA anymore?
In Soviet Washington the swamp drains you.
tell M$ to put their money where their mouth is and hold them liable for all the damages.
Any auto maker is liable for problems necessitating recalls, so why shouldn't M$ be too? You'd think the biggest company in the world could at least back their products.
Lobby to your congress-person to hold M$ responsible.
Interesting. We had a machine fall over last week during the height of the Sasser panic. Norton AV had caught an installation of a Windows rootkit, and when we got to it (holiday weekend, so took three days), it had an FTP server installed with 19Gb of German-subtitled Moviez. Kill Bill 2 et al.
We found various infection scripts lying around, because Norton's quarantine seemed to have stopped the infection script in its tracks. One thing it did was to take the machine's details and upload them to an FTP server. A server in .de of all places.
We don't know if this invasion used the same exploit as Sasser, or if a small number of Sassered boxes get FTP status or what. But the German moviez + German FTP dropbox seems suspicious.
Luckily we had the IP-address, username, and password in the script, and were surprised to find we could login there and delete the info. Hopefully the hacker hadn't copied it, but the box has been re-installed from scratch.
And the user is now seriously contemplating Linux, after losing two days...
Baz
This might be offtopic but it's not really flamebait. A history teacher at my highschool had a Nazi flag on a table in his room, it was appropriate for the current lesson & had been being used for years. Well, a German exchange student, I believe his name was Tomas, we had visiting our school was walking by the classroom & happened to catch a glimpse of the flag (folded on a table) & he went apeshit. He busted into the classroom (between classes thankfully) and started raising hell, yelling what were surely German swear words and such at the teacher & the flag. It took about an hour to calm him down, the flag was put away for the remainder of the year.
Jaysyn
There is a war going on for your mind.
nothing worse for a nerd than no computer.
Sending him to prison only makes him meet the really bad guys.
Jail is not the solution to everything. It denies you normal life, far beyond the duration of incarceration.
No, never will a German citizen be extradited. This is forbidden by German law. (Would the U.S. extradite U.S. spammers or virus authors to other countries? Worth considering I guess.) He will be charged for computer sabotage and maybe some more things. IANAL but IMHO he's unlikely not to spend some time from home - BUT - him being 18, he may be handled according to the criminal law for minors, depending on the outcome of a psychological test that is usually conducted _before_ the trial itself starts. Which means a long time in jail is not very likely.
So - forget about the idea of meeting him in Guantanamo. We are a constitutional state which even acts after the old principle "in dubio pro reo" (I still wonder what Binalshibh could possibly know that other countries' officials should not know. Very strange if you ask me ).
open (SIG, "</dev/zero"); $sig = <SIG>; close SIG;
To complete your bullet proof vest analogy.
It is more like people are wearing T-shirts in a crowded shopping mall. Now most of these T-shirts are made by Microsoft and have some holes in them.
If you shoot a special bullet in that hole the T-shirt begins to magically fire the same kind of bullets all around, and you get a cascade effect where all the T-shirts begin to fire bullets.
Now Microsoft offer pieces of cloth to patch up this particular hole in the T-shirt, and you could also have worn a jacket or even a bulletproof vest over this T-shirt which would have solved this particular problem.
There are even people with already firing T-shirts and they walk to another crowded place and infect the T-shirts there. Granted if you are wearing a blindfold you may not have known your T-shirt is actually firing bullets.
Now lots of people actually die from these bullets.
Now can you say that the people that wear these T-shirts with holes in them are completely free from blame?
Take
Not the US system though! I've seen those TV programs set in US high schools - the students are mostly in their 20s!
I'm not saying she's responsible but, I would assume that someone on her network has a laptop.
Chances are someone took it home, got infected, then came to work with it.
Voila.
As in "Sent to the U.S.A." ?
Human Right forbids, I really hope for him he's not... I mean, that would really be cruel...
I think to remember a Russian programmer being sent to prison when he came for a security speech, so all he has to do is postpone all travels in the US for the next years...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
I wonder if international governments and Microsoft will try to make an example out of him?
Maybe give him the death penalty?
I agree with you that there is an international legal void that gets slowly filled when it comes to IT related crimes and severe penalties should apply to cases like Sasser for example.
But I think implementing this will not deter or reduce significantly the number of people that practice cracking/hacking/or-how-ever-you-call-it.
Same reason that the death penalty has not reduced homicides in US.
When was the last time that anybody precalculated the jail time he/she will get as a deterrent to a certain illegal activity?
In fact in this case I think it will act as a boost, since elite/defiant behavior to the law can be considered very c()()()()l!
Cheers!
Yam, yam, uga booga, yam, yam, yade, yade, uga booga, yam, yam, yade, yade
that person will be solely held responsible for all damages Sasser has caused, is causing and will cause in the future.
That kinda got me thinking...
Let's use good ol' Diebold for an example. Let's say, hypothetically speaking, that Diebold makes a voting machine which just happens to have a flaw in the way it tallies the votes. Say someone actually goes to the voting booth and exploits that bug, someone wins by a landslide, and the exploit was found.
Sure, the guy would be found guilty of vote tampering and probably would be given jail time, but Diebold would hang as well for not producing a reliable voting machine which, in effect, ended up costing the state hundreds of thousands of dollars and plenty of man-hours finding out how to fix the bug or find another way to replace the Diebold machines.
But in this case, is Microsoft going to be held reliable for even a split-second? No. This kid's gonna fry, and everybody'll blame him. Why doesn't anyone ever blame the product which allowed the virus to spread?
Doesn't anybody ever find it interesting that Windows has basically forced the world to accept its view of security, defined as "wait now, act later"?
Because maybe he doesn't act like a man?
Out of the three things you mention men do, he probably only does one of them.
You people are saying things like "kill him", "torture him", "do everything horrible I can imagine to him". I can't believe that! Personally I did nothing to "secure" my system other than run an up to date Anti virus, patch my system, and stay behind my firewall.
I wasn't affected in the least, maybe at work I had some extra calls but that was only after the news started scaring people and surely not when people became infected.
In all actuality he probably made us all a few extra dollars. I'm not sure why you all hate virus writers so much, personally I've never once had a virus and I once went 2 years without an anti-virus. If you all are so great, how were you so easily infected? I've done the bare minimum to be secure, and security wasn't even in my mind when I setup my systems. I think you all are just projecting your anger on someone else because you weren't bright enough to secure yourselves.
I'm probably going to be modded as flamebait but it's the truth, I don't see how you people were affected so much other than probably some extra free time at work.
Why invent new crimes when it's just the same old crime on a new medium?
This punk trespassed, stole services, and vandalized the affected machines. Prosecute him for that.
60 days in jail and $20 fine, for each instance, served consecutively. That should be sufficient.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
We'd only have to do it once to get the message across.
And while we are at it we should reexamine the whole legal system and introduce capital punishments to everything!
YEAH!!! You stepped on my foot... you should die by lethal injection!
Uga Buga (jumping up and down in my hairy hunched-down body and banging a large piece of wood on the ground sometime in 45,000 BC)
How about killing him and his family and his pets as well? How about you do that on public TV?
Yam, yam, uga booga, yam, yam, yade, yade, uga booga, yam, yam, yade, yade
"Locks keep out honest people."
Microsoft is certainly not to "blame" for the fact that someone chose to exploit holes in their software. What Microsoft is to blame for is their arrogance in both claiming they are secure *and* absolving themselves of all responsibility for not *being* secure.
No computer system that offers services can ever be totally secure. You know that, I know that, but the Microsoft marketing department will pretend it's not true.
Let this punk get prosecuted for simple trespass and theft of service. Simply paying back all the victims for their time and effort wasted dealing with the worm should keep him in forced labor for the rest of his life.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
An 18 year old with enough skill to find a buffer overflow exploit in Windows RPC, and then to write shell code (it's pure x86 asm) so that it can spread like wild fire...
this kid is either an experienced systems programmer,
a skript kiddie (just unleashed it through out the world),
or a scapegoat.
C'mon, I thought slashdotters were KNOWLEDGEABLE about this kinda shit. You people taking this at face value?
ugh.
My question is: How did Microsoft do that? How could Microsoft find a guy, merely by studying the executable that he had created?! This really has me stumped.
Does anyone care to speculate?
Yes, 18 is a legal adult in the US... kinda... but I think of nothing but "punk kid" instead.
Regardless, punish him like a man - hah!
Berto
"The Sasser author is an 18 year old man" Virus programmers should be referred to as boys. I think a certain maturity comes with the term man which is obviously not warranted here.
Make the kid write a fix for Sasser and let that loose on Internet?
http://efil.blogspot.com/
What a joke Windows is, all the man-hours devoted to its development, all the programmers who write/maintain the code for it. And it only takes the mind of an 18 year old BOY to bring their system to its knees. Wasn't the last MAJOR worm problem attributed to an overweight 18 year old? M$ should hire more fat 18 year olds.....
In the US, an 18-year-old is a man and not a minor from a legal standpoint. In the US, he would be tried as an adult, with corresponding potential penalties. I'm not sure what other term one could use.
May we never see th
Here you can find a (German) TV-Newsclip.
It's really surprising that no one's put a destructive load on these worms. With the amount of PCs that have been infected, the damage would be catastrophic.
As far as security goes, NT 4.0 is the main culprit. Microsoft should have done some serious code checking on NT 4.0 before basing future OS's on it. As you've noticed, an exploit on NT 4.0 is also present across the spectrum of NT-based OS's. So Microsoft's priority should be to examine the NT 4.0 code that went into 2000, XP and 2003 and find potential problems before they're exploited.
For those who have no idea what is being talked about (for *years* I heard the term "fnord" being referenced and had no idea where people were getting it from), read the Illuminatus Trilogy.
Or don't. I found it to be confusing and bizarre. The authors like to switch between viewpoints of characters without warning (and a few times, in the middle of paragraphs). Some characters have viewpoints that are distorted by being wrong or doped up, one character is a dolphin (and has correspondingly un-human thoughts), the whole mess is added to by the fact that much of the book takes place in flashbacks and that it's very difficult to tell who is insane and who isn't, the fact that much of the content is complex uber-paranoid conspiracy theory and religious or philosophical -- oh, and the fact that there are backreferences to all kinds of minor details throughout the books.
May we never see th
Once they know the MAC address they can find him by asking all the ISPs to co-operate. The MAC address is used in ARP routing for networking and is how each card is uniquely identified. His ISP would know his MAC address, then all they have to do is turn up and arrest him. Of course, he could have just shot his big mouth off on IRC too e.g. "m3 l337 H4x0r br1ng d0wN teh ev1l M$ c0rp0rat1on...pr41s3 b3 to m3!"
All those moments will be lost in time, like tears in rain.
This is a groundless troll, if MS had backdoors in XP that sent info back to MS, don't you think SOMEONE would have noticed this in a packet capture by now? Sometimes I would rather try to reason with an AOL user than a Linux user.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Take your paranoid fantasies somewhere where people don't know enough to refute them.
First, when you compile an EXE file with MS tools, it follows a format called the Portable Executable format[1]. You can verify this by opening up the EXE in a hex editor. There are a few headers, a few sections for code and data, and maybe a debug section. There isn't a section called ".backdoor" or ".spyonuser". By examining it very carefully, it might be possible to determine which version of Windows produced it and what compiler, but you aren't going to find your MAC address, name, street address, and favorite color anywhere.
Second, if you're talking about a network backdoor, that's extremely unlikely also. You can see someone using a backdoor on a simple packet dump. Set up a packet sniffer between your computer and your internet connection and watch for strange packets. Write a virus or something, and see if someone from MS makes a connection to your computer. If you're so paranoid as to think that MS has trojaned all the routers, switches and hubs in the world so as to make it completely impossible to trace, go see a psychiatrist.
[1] - Reference for the PE format: here
Karma: Contrapositive
Microsoft then called the German police.
I am sure the person who called Microsoft was doing this because s/he wanted the reward. Otherwise s/he would have gone directly to the police.
Translated quote from the article:
A good example of the man trying to keep us down.
-Imidazole2
Why doesn't someone write a virus that 'spreads like wildfire' and infects all unpatched PCs and then auto runs windows update or just patches the systems? It might still be illegal, but it's not like anyone could sue for damages... just violation of privacy and unauthorized system changes. But who would really go after them?
Reuters link
"We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it," said Frank Federau from Lower Saxony police.
OF COURSE! If Microsoft says someone's guilty, of course they are. The fact that they admitted it doesn't mean shit.
"Police described the suspect as a highly intelligent "computer freak" living with his parents."
But OF COURSE he's a 'computer freak' living with his parents. What else COULD HE BE?
Most criminals, especially the non-organized ones, suffer from a problem of running-of-the-mouth. Almost all of us do, actually. We like to brag about the things we've achieved to friends. However, when you are bragging about legal exploits like winning the pot at the last card game, it's fine. Thing is, most crooks also brag about their illegal exploits too. This is fine, until one of their friends (or friends of friends) turns them in.
Also most script kiddies/crackers run their mouth when they get caught. We had one on campus, he was using some program (I forget the name) that tried to spoof itself as the default gateway so all traffic would go through him and he could sniff passwords. He couldn't get it working right and it kept bringing down a part of the network. Well when we caught him he instantly confessed everything to us, then to the police.
The thing is that he (and those like him) are so convinced of their invulnerability because of their anonymity, that they are just totally unprepared to get caught. So when it does happen, they usually just break down and confess everything.
My favorite part was when the 1337 dude they interviewed (complete with silhouette and altered voice) said that it only takes 2 minutes to hack a Windows SCADA.
I'm in the hole of the broadband donut.
Hmmm, you know, I haven't seen Helios release any more updates to his Helios Hook aimbot for Unreal Tournament and Tactical Ops since Thursday. And he was about due for another one already. And we all know he was making trojans already... Wouldn't it be nice if that were he?
Karma: Bad is the liberal way of saying this guy won't drink the kool aid here on slash dot. I wear my Karma with pride
Make him work for Microsoft... Oh, WAIT a minute... :)
Who moved my sig?
I wanna shake his hand, and hire him for my network security company.
Most locks ARE easy to bypass, amazingly so. The simple tumbler locks that 99.99% of houses have are nothing for a trained locksmith. My friend who has such training and tools (it's his profession) can pick most standard locks in under 10 minutes, usually faster.
This is not an incurable fault, however. On my front door there is a Medeco Maxum lock. This lock has a different kind of pin (they call it biaxial) and it is something that is very difficult to pick. My friend can't always do it successfully. It also has greater security with its keys. A normal lock, you just grab someone's key and get a copy made at any Albertsons, then return the key, they are none the wiser. Not so with Medeco locks, normal grinders can't deal with their keys, and Medeco dealers refuse to make copies without picture ID verifying that the person owns the lock.
Well then, should we be suing all these lock companies for selling these poor quality, easy to defeat locks? I mean they KNOW there is better technology right? Well yes, but there is a tradeoff: Cost. If you go to a hardware store, you'll find that locks are about $20-$30, no big deal. I paid about $200 for that Medeco lock. So if you want that kind of security, you need to be willing to drop about 10x the cash.
It doesn't end there either. Medeco locks are better than average locks, but they aren't invincible. They are still pickable, with effort, and they aren't invincible. For that matter, someone could just bash in your door, given enough time and force.
Just because better technology CAN be gotten doesn't mean there aren't tradeoffs in doing so.
Let's see, the guy's user ID is Adoph_Hitler and you're surprised he's a troll??? And you make disparaging implications about AOL and Linux users because of this guy? Just how reasonable is your flamebait?
Guns don't kill people -- people kill people.
But the guns seem to help a bit. (apologies to Eddie Izzard)
Sasser was only a new type of worm for him - the police found evidence (Google Translation here) that he is also responsible for the netsky virus.
* Smile. People will wonder what you think. *
Okay, I realize that cooperation with Microsoft may be useful, but this is a little nervousness-inducing:
Spokesman Frank Federau for the Lower Saxony police said the man was arrested Friday. Federau said the suspect admitted to programming the worm, but authorities did not know if he had created all the versions of it.
"He made a confession, and the experts at Microsoft have now confirmed that he was the cause of this worm," Federau said. He said he did not have any details of how the suspect was found.
So...while I realize that this is a black eye for Microsoft, and that it's to their benefit to assist in tracking the guy down, and I realize that police budgets may not allow for competent cybercrime investigators, it always makes me nervous to see police saying "investigators from <large global corporation> have confirmed that this guy is the culprit". Yes, he'll have his day in court, but still...damn.
May we never see th
Even tho the Sasser and Blaster virii have been infecting loads and loads of machines, it still only seems like a pest. Most virii just infect somebody's email or just annoy somebody to the point of formatting their box, and then getting some AV protection. There hasn't really been a virus that will actually destroy a piece of hardware so that the machine is completely unusable (wiping the firmware of a hard drive, or overclocking the processor for example), and if the people responsible for the viruses at the minute realise that this can be done then there is no telling what can happen in the near future. Just think, a highly replicating virus (Blaster or Sasser) with the ability to destroy a hard drive, or any piece of hardware, as soon as the user restarts! Just a thought, but things may turn nasty in the next few years for Microsoft! (Let's face it, who really likes Windows??? :) )
Or a script kiddy who has been forced to put a sting on his contacts??
Texas is the death penalty capital of the world. By your logic that would also make it the safest place in the world, yet people are murdered here every day. A person can be imprisoned for years (years!) if caught with trace amounts of cocaine, yet the crack epidemic is as strong as ever.
I wouldn't complain about his logic when you've used 2 crimes to generalise across the whole of crime.
Believe it or not, crack is addictive. I worked with a crack addict who sold his mum's car. He really didn't care about anything apart from the next fix.
Most murders are spur-of-the-moment crimes of passion. The murderers do not think about the consequences in the 5 seconds it takes to kill someone in your gun-obsessed country.
OTOH, this 18-year old allegedly rationally planned, designed, coded & released Sasser & Netsky, which caused god knows how much in damages, caused as yet uncalculated amounts of stress, and the actual number of people directly killed has yet to be investigated (I bet it's >1). Not only should he receive the full punishment under the law, but it should be a cruel and unusual punishment, just to make sure his peers remember.
I think the authors of computer viruses should be treated as terrorists. They cause lots of damage to innocent people. George W. should include computer virus authors as "enemy combatants" in the "war on terror". Lock them up. Throw away the key.
...I mean, getting caught - no problem: this person did a thing that only a serious de-'script kiddy'-programming (preferably by some hackers) can fix now.
What I do find very bad however, was that the person who caught him should have gone to Microsoft first instead of the proper authorities. Where will this go ?
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
First, when you compile an EXE file with MS tools, it follows a format called the Portable Executable format[1]. You can verify this by opening up the EXE in a hex editor. There are a few headers, a few sections for code and data, and maybe a debug section. There isn't a section called ".backdoor" or ".spyonuser". By examining it very carefully, it might be possible to determine which version of Windows produced it and what compiler, but you aren't going to find your MAC address, name, street address, and favorite color anywhere.
Except that is just your opinion, you haven't provided proof. Remember they used to embed unique ID's in word documents until the word got out.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
I spent several years of my life as a locksmith. The unfortunate truth is, Schlage is just average. Not as bad as Kwikset (avoid like the plague), or Weiser (avoid like it's a Kwikset), and not as good as Master (formerly Dexter). Unfortunately a few years ago Schlage realized their locks weren't as good as Master, so they bought out Master's door hardware division (essentially the old Dexter that Master bought) and shut it down.
Schlage aren't bad locks, but they're not really as good as most people think they are. They're just kind of "okay". Not that you asked, but now you know. =)
-BK
Chemical Blog
A file format standard isn't "my opinion". The PE specification is published in many places, and followed by many compilers, including GCC. You can open an EXE file and compare it to the standard. There are no hidden sections or secret codes in an EXE file. Would you say that someone could secretly embed personally unique information in an XML document?[1]
If you want proof, get the exact same version of Windows and MSVC++ and compile the exact same source with the exact same compile time options on two different computers. Binary diff the result. If there are differences, determine whether they actually represent information about the machines in question, or are simply quirks of compilation.
I'm not going to post an in-depth dissection of the PE format with analysis of each section on Slashdot, because I don't have the time to justify my statements to someone who can't understand the difference between facts and opinions.
[1] - Yes, it's theoretically possible to use a form of steganography to embed data in the number of spaces between the end of a line and the linebreak, but let's stick to practical concepts...
Karma: Contrapositive
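The comparison proposed in the comment above, sketched as an added example (not code from the thread): it walks the PE headers and section table, then attributes every byte that differs between two builds to a named header field or section, so a compilation quirk such as the COFF link timestamp can be told apart from data placed inside a section. The two images are constructed minimal PE-like byte strings, and `parse_pe`, `classify_diff` and `build_sample` are hypothetical names.

```python
import struct

def parse_pe(data):
    """Return (regions, section_names); regions are (label, start, end) byte ranges."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                        # 20-byte COFF file header
    _machine, nsect, _ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    regions = [("COFF.TimeDateStamp", coff + 4, coff + 8)]   # set by the linker per build
    opt = coff + 20
    if opt_size >= 68:                                       # CheckSum sits at offset 64
        regions.append(("Optional.CheckSum", opt + 64, opt + 68))
    table = opt + opt_size                                   # 40-byte section entries
    names = []
    for i in range(nsect):
        raw_name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        names.append(name)
        regions.append(("section " + name, raw_ptr, raw_ptr + raw_size))
    return regions, names

def classify_diff(a, b):
    """Count differing bytes between two equal-length builds, per named region."""
    if len(a) != len(b):
        raise ValueError("images differ in length; compare section by section instead")
    regions, _ = parse_pe(a)
    counts = {}
    for off in range(len(a)):
        if a[off] == b[off]:
            continue
        label = next((n for n, lo, hi in regions if lo <= off < hi),
                     "other/unattributed")
        counts[label] = counts.get(label, 0) + 1
    return counts

def build_sample(timestamp, marker=b""):
    """Constructed PE-like image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    opt_size = 96                                            # optional header left zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    raw_ptr, raw_size = 0x200, 0x200
    sect = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size,
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size + sect
    body = (b"\xc3" + marker).ljust(raw_size, b"\0")         # one RET, then padding
    return headers.ljust(raw_ptr, b"\0") + body

# Constructed inputs: A and B are "the same source built twice"; C carries extra
# bytes inside .text, standing in for machine-specific data.
BUILD_A = build_sample(0x409D2F00)
BUILD_B = build_sample(0x409D3A10)
BUILD_C = build_sample(0x409D2F00, marker=b"HOST")

if __name__ == "__main__":
    print("sections:", parse_pe(BUILD_A)[1])
    print("A vs B:", classify_diff(BUILD_A, BUILD_B))
    print("A vs C:", classify_diff(BUILD_A, BUILD_C))
```

Differences that land only in `COFF.TimeDateStamp` or `Optional.CheckSum` are build quirks; anything attributed to a section or left unattributed is what would need a closer look.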
Nothing to do with how he was caught of course. He most likely was sufficiently stupid to upload the virus from his own machine, had he used an Internet Cafe or an insecure wireless network he would have been untraceable.
It would be a good idea if people had to show ID to use an Internet Cafe, and wireless networks were banned entirely. I rate security higher than the imagined need, dreamed up by marketing men, to be able to use a PC anywhere, with no wires. Now I am going well off topic, but security matters, and a generic right to upload what you want, where you want, with no positive check on your ID, is a serious threat to other people's security and should not be allowed.
I don't know how severely German law can punish this scumbag, but life imprisonment with no hope of parole sounds about right to me. There must be an effective deterrent.
Sasser showed me which windows machines did not have their auto-patch routines working.
Since the PC support group had recently reported that all machines were now in the auto-patch system, we were quite surprised to see almost 1% (which is a lot of machines, around here) get sasser.
Incidentally, a crude way to scan your network for sasser (let's just say you've got a linux box handy with samba,nmap,bash, grep and gawk and that your network is composed of three class C segments numbered 10.0.1.0, 10.0.2.0, 10.0.3.0 for the sake of example) is:
nmap -p 5554 -oG '-' 10.0.1-3.1-254 |gawk '/^Host.+5554\/open\/tcp/{print "nmblookup -A " $2}'|bash |grep "<00>"|grep -v GROUP
If your machines have useful netbios names (such as their location, for instance) and/or you know the names of your users, that should give you all the info you need.
Thank you Mr. Sasser author! You the man! Your non-destructive code was a public service from where I'm sitting (yes I know others feel differently - the real universe is subjective, neh?).
and look up "Irony." I'm guessing you're American.
Author, Shell Scripting : Expert Re
What does a system for secure legal transactions using XML have to do with a teenager who was ratted on by his mates? Either this was a joke or this guy is way past help. I suspect the first option.
I can't believe this has been modded up. Well, Funny may have been appropriate.
Jeez.
I'm sorry if I haven't offended anyone
It didn't stop alcohol , but started off the highly profitable boot-legging which gave birth to protectionist mafias ... and in short america's criminal class ..
:)
..... if guns were outlawed ... only outlaws would have guns ...
Considering that example , maybe education should be prohibited
Looks like the old saying's true
Quidquid latine dictum sit, altum videtur
Maybe we find out about the real names and versions of all the Sasser and Netsky variants now. The ones we know now are just made up by the anti virus guys after all.
heise.de today mentions that Microsoft will pay $250000 to the (less than five) informants.
Yes it's your opinion, and you admit it at the end. We can study the GIF specification as well, and people have been hiding information in them for years.
I'm not saying they are, just that there isn't any proof they aren't.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
The nice part about bringing steganography into the argument is that it has deniability: It's pretty much impossible to prove that something does *not* contain steganography. I can't argue that it's impossible for EXE files to contain steganographic information, but I will argue that it's extremely unlikely given the specific circumstances in original parent.
Karma: Contrapositive
As a sibling poster mentioned somewhat rudely, yes, it's entirely possible to embed information in an EXE file using steganographic techniques. I retract any part of my statements which attempts to deny that.
I would like to say that my post was in reply to a post claiming that the virus author was captured because of a Microsoft backdoor in their own compiler products. He did not specify that the virus author had a trojaned copy, or that his compiler was altered in any way from one I might install. He implied that there was a backdoor in the standard installation of MS tools and Windows which inserted enough personal information for tracking. I'd simply like to state that under the conditions stated by original poster, that technique is not practical, and extremely unlikely.
Karma: Contrapositive
Which reminds me of something I've always wanted to know: What stops the virus writer from being hit with his own virus ?
I would imagine that putting it into a P2P network as "hot-young-ones-screensaver.exe" would have been the best way, especially if he had actually bothered to make a real screensaver with the virus as a trojan payload. Especially if the virus in question was a "real" (infecting program files) virus, and the vector program was originally made by someone else...
It would be a good idea if people had to show ID to walk on the street, and had to carry small spy microphones ("bugs") with them at all times. I rate security higher than the imagined need, dreamed up by freedom fighters, to be able to walk anywhere and talk with anyone, with no one listening in. Now I'm going well off topic, but security matters, and a generic right to go where you want, with no positive check on your ID, is a serious threat to other people's security and should not be allowed.
Why is it that the word "security" makes people's brains stop working ?
I see someone got hit hard by the virus... Instead of likening a virus writer to a murderer, how about keeping your computer updated from now on ? You'll do both yourself and the Internet in general a favor, and don't make yourself look like an idiot.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
http://www.microsoft.com/presspass/exec/bradsmith/05-08sasserarrest.asp
I will not say that my systems at home are totally immune, but I have OpenBSD, FreeBSD and two Linux boxes, and the only Windoze machine, which is the laptop, runs a fully up to date Win2000 (won't touch XP with Raw Sockets!), and is never connected directly.
Even before then, when I did access the net from Windoze, I was only hit twice, which showed me that certain anti-virus software, even when kept up to date, is worthless, both were fairly old virii. One was a Word macro, I do not run Word and so theoretically was immune, except that Norton had not bothered to analyse the thing correctly, and in my case I had the free Word Viewer program, which of course opened the file. Now supposedly there was no means by which macro code could be executed, but this virus obviously had another mechanism, which Norton had not bothered to analyse, which trashed my machine instantly.
The second one was a stupid one that simply closed the browser, if Javascript was turned on. I proved that Netscape was seeing and reacting to the virus before Norton saw it, so there was clearly something wrong, but Norton support staff lied and said that I was protected, yet I could reproduce the effect again and again, simply by turning Javascript on and going to the relevant web page. Funnily enough, a scan of the downloaded file by Norton was positive every time.
I have had a PC trashed by Panda, so has everyone else I know who has tried it, and practically everyone who used McAfraud seems to have been hit, sooner rather than later. I have a very low opinion of the anti-virus industry as you might gather, and an even lower opinion of the scumbag Monopolists who deliberately add features which destroy any hope of security. No doubt I will get hit again (not for about 5 years now) despite my OpenBSD packet-filtering firewall, and only using the Mozilla browser, keeping everything up to date, running F-Prot antivirus, no trace of Outlook or IE to be seen anywhere, even on the laptop, but it will not happen nearly as often as if I continued to use a trash OS, browser and mail client.
So sorry to disappoint you, I did not get hit, and don't expect to get hit very often, but I still think they should throw the book at scumbags like this. And I agree, those who do not keep their computers up to date do endanger other people, I am sick of the number of infected emails I get from PCs which have been infected. They can't do anything, it is just annoying having to delete them, and they are about 50% of my mail. But if anyone looks like an idiot, it is the one who jumped to the conclusion that I had been hit, when I gave no such indication. If I had been hit by that one, it would be my own fault, fairly and squarely, the same for anyone who is stupid enough to use Lookout, or its perverted, cut-down relative as their email client, or to use IE as their browser. They deserve what they get.
Keeping a PC up to date, both with the buggy patches from the Monopolist and the antivirus software gives absolutely zero protection against new threats. The underlying OS and the mail client and browser also need to make decent attempts at security, or everything else is in vain.