Slashdot Mirror
70% Of 2004 Virus Activity Down To One Man
arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."
Probably not a good article to have floating around with your name in it. I'm sure there are plenty of helpdesk personnel, network administrators, and "computer guy" friends who would like to punch that guy in the mouth.
Scapegoat?
Isn't he the one Valve blamed for the HL2 source code theft as well?
The mainstream and tech press is always implicating Russian crackers or links to .ru sites...
What's the real deal? Someone is feeding us disinformation with a shovel.
You got to wonder why Microsoft never did this before. From a business standpoint, the return on investment for this $250,000 bounty is probably going to be quite impressive.
The computer worm he created continues to spread despite the fact that their creator has been taken out of the equation.
How on earth must one believe that a worm works (or think that one's readers believe that a worm works) in order for them make such a statement?
I'm reminded of a great quote by Charles Babbage. Babbage was asked (by a member of parliament... of course) whether his analytical engine will, in spite of being given erroneous input, nevertheless arrive at the desired answer. Babbage's response?
"I cannot rightly apprehend the kind of confusion of ideas that would provoke such a question."
Accountability on the heads of the powerful.
Power in the hands of the accountable.
Yeah Netsky and Sasser have gained much more notoriety but actually phatbot has been (and still is) the more dangerous worm/trojan/backdoor around in 2004.
There are currently several thousend different modifications of phatbot around and in contrast to Netsky/Sasser, phatboy infected systems are being commercially exploited as spam relays for UCE/UBE and Hatemail. In Europe neofascist/neonazi groups use phatboy to finance and also to distribute their propaganda.
You can buy lists with the ips of compromised phatboy-infected computers to use for your own spam-enterprise. There are even groups which will code you your own version custom-built to your likings.
Strangely the author of Netsky/Sasser has gained much more public interest. Yeah it was probably more annoying and a real hassle for the sysadmins. On the other hand phatboy is more dangerous than netsky and is actively exploited with criminal intent. Although the writer of phatbot has been arrested as well (coincidently also a german) all you ever hear about is the author of sasser.
Jeff
Vinge is a great(!) SF author. Many of his novels deal with an idea he calls the Singularity; the concept that technology will keep accelerating until we gain the ability to increase our own intelligence, at which point the changes will come so fast that we we will become unrecognizable to pre-Singularity humans.
... perhaps Sasser and Netsky were worse?
One of his fundamental ideas is that the growth of technology will give individuals more and more power. I'm not sure if he explicitly says this himself, but one of his themes is that individual people will have the power of atom bombs. It won't BE atom bombs, it will be something else... like the ability to write viruses.
In terms of direct harm, it would appear that Sasser may have done more damage than slamming planes into the WTC. Indirect damage, everyone overreacting and doing stupid things, was tremendously greater with the WTC, of course. But in terms of direct, measurable damage
Speaking, again, purely in economic terms, I wonder how Sasser and Netsky rate against the Hiroshima or Nagasaki bombs? I realise that the viruses probably didn't kill anyone, and they didn't start or end any wars. We don't feel it as much because everyone paid a little bit, instead of a few people paying a whole lot... but in terms of actual dollars/yen/economic value, I wonder how they compare?
However that comparison comes out, being singlehandledly responsible for 70% of all virus activity over the last year is *a lot* of power. Vinge's Singularity may not be that far off... assuming we don't virus ourselves to death first, anyway.
Me, I would have placed the blame squarely on all of the admins out there who allowed their systems to be compromised by the worms in the first place.
You mean that it's Joe user's fault that his DSL connected PC got infected? What do you suggest we do about that?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Definately not... The story header here claims that "70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan", that makes a good headline for sure, but the FA itself says "Sven Jaschan, teenage author of the Sasser worm and member of Skynet, the gang responsible for distributing Netsky, confessed in May".
So 70% of the virus activity has been done by one group of hackers, not by a single hacker.
Facts people, we want facts!
After 3 days without programming, life becomes meaningless
- The Tao of Programming
To use your "real world" model, Windows is not analagous to a locked car sitting on the street in a relatively nice neighborhood. Windows is analagous to a car with all its doors open and a key in the ignition, sitting in the middle of downtown Gotham City.
It's *going to* get stolen (hijacked) unless you do something about it.
I'm all for putting this guy in jail. But at the same time, it's unrealistic to expect hackers to stay away from a computer whose OS is full of vulnerabilities, from which they stand to profit.
You say you want to give users what they ask for....what all MY users are asking for, primarily, is "not to be bothered with this bullshit virus stuff," and the best way to make that happen at this point, IMHO, is to make it far more difficult to gain access to their computers.
Sure, you can make an example of this guy, but I don't think that's going to stop the tidal wave of virus attacks. Instead of relying on the courts to enforce things like this, I'd much rather see an increase in computer security. Just give all your users personal firewalls (the RL equivalent of locks on their car doors)....something really simple like Zone. Software that DOES make things comfortable and obvious for the user.
And when the problems go away, they will remember that security, not the court system, solved the problem.
--B