Slashdot Mirror
German Teen Charged with Creating Sasser
nomoreself writes "Sven Jaschan, only 18 years old, has been indicted by prosecutors in Verden, Germany for allegedly releasing the well known Sasser worm. The PC World article has the details, including the fact that Microsoft's $250,000 reward offer was responsible for informants' coming forth with Jaschan's name, and that Jaschan has actually already confessed to writing several versions of Netsky, as well as the worm in question. Surprisingly enough, the 143 victims that have filed charges are only claiming $158,000 worth of damages." You might remember when he was first arrested back in May.
Worms are a two-sided problem. In order for them to happen, it takes a software writer (far too often that software writer being named "Microsoft"...) to create software that has a ready-to-exploit flaw in it, and then it just takes one evil-minded programmer to kick a worm through that hole and make a mess that makes all of us wearing white hats have to do some serious cleanup and deal with downtimes.
While I'm glad the kid is going to get taken to justice, I'm still a little troubled by the fact that all Microsoft doing for their part of it is releasing a "you shoulda run Windows Update" patch and kicking in a quarter-million US dollar reward... both of which they're doing out of the kindness of Bill Gates' heart because there's no law requiring either of them.
I know small time programmers need liability protection from the abuse of their software... but shouldn't a large company like Microsoft be liable for the cleanup costs associated with their own security bugs?
Not necessarily, it depends on why the person does something like this. In most cases the psychological reasons for creating a worm/virus, also would make the person want to brag about their accomplishment.
Maybe they do it because they want to show off their skills and boost their ego. In most cases people aren't happy knowing they are the greatest in the world, they want everybody else to affirm that feeling so they brag about their accomplishment to get recognition. Maybe they do it to get revenge, and they want those suffering to know who is causing the pain.
I think more than likely the person would end up talking. Just a few drinks at the bar and they might open up about their great accomplishment to uninterested patrons.
D6 63 0D 70 89 81 BB 8E 7B 7C 5F 5D 54 EA AB 73
catch me if you can was a movie with tom hanks and leonardo di caprio that embellished mightily on the real life tale of a check forger and the fbi agent who pursued him.
what is true about the story though is that the check forger in question went on to become one of the fbi's most valuable anti-forgery experts and he eventually went on to make millions helping banks design anti-forgery checks. here is the man's website.
so whenever i see someone like this sasser/ netsky author get caught, or another virus or worm author in the news, i can't help but think: why doesn't microsoft just hire the guy?
seriously, a brilliant criminal is just someone who's skills are being expressed in the right forum, but in the wrong direction. all law enforcement has to do is flip the brilliant criminal into an asset as a condition of a smaller criminal sentence/ fine for them. eventually, they may find real respect and success in their field of expertise on the white hat side of things.
and this isn't fiction i'm inventing, this is exactly what happened with frank abagnale jr. (of catch me if you can fame above).
well, for all i know, this IS what microsoft is doing... anyone have any news anecdotes to indicate this? anyone know whatever happened to the melissa virus author or the i love you virus author that they caught years ago?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Writing a virus is not a crime. Writing a virus with the intent to cause harm is (ditto for negligence letting it get out). Don't expect him to be defended like the few innocents were.
G
a little math
5 years * 365 days in a year * 24 hours a day = 43800 hours in prison
$158,000 / 43800 hours = $3.60 an hour
or
5 years * 365 days in a year * work 8 hours a day = 14600 hours of work
$158,000 / 14600 hours = $10 an hour (if he works 8 hours a day)
When I was 13-16 I had the ability to create viruses with the capabilities as any major virus. And I am sure many slashdotters also had/have these ability.
I actually thought about releasing some viruses, well trojans, would not of done anything on the massive scale as some of this virus, I was not that stupid. Hell, I could actually be in jail now and life screwed up over something like that.
Exploiting windows machines has never be challenging has not been for the past decade. The fact that some kid could wreck their life over a couple lines of VB code is kind of sad. I think it was genius on microsoft's part to get people to want hunt and track down those evil virus kiddies.
It would be easier to create a destructive virus then it would be to rob a couple bags of chips from a store for most kids that create viruses. One might get you a slap on the rist (I am not sure how much you get in trouple for stealing couple dollars worth of food), and the other could get landing in jail and millions of dollars worth of damages.
I honestly do not think for most of these kids the punshiments should be that extreme especially since most of those kids probably only copied and pasted some code, or changed a few lines of code. The punishment should fit the crime, if you can cause millions of dollars worth of damages in under and hours worth of work, then something is not right. I do not see any other way of doing something that bad on a massive scale other then blowing up a building or running around with a gun.
I just hope these kids still get a chance to have a life, and they are only held partially responsible. If someone built a bridge that could be destroyed by walking over and pulling out a nail, and the hole thing would come down. There would be two people to blame. The designer and the person that actually did it. Lets just hope its handled carefully in this case.
Stealing to feed your family?
Call me very kantian, but I have never understood why one person thinks that in any circumstance that because one person has more than another, it should be considered alright to take it away from them and give it to someone.
Would I steal to feed my family?
If I had no other choice, most likely. But I'd expect to face the same consequences as the guy that stole money just to support a crack habit. I'd expect no one looking into the circumstances surrounding what I did other than I did this or didn't do it. Wrong is wrong. There are no grey areas. Its a boolean function. its right, its wrong. Nothing else.
I think the satisfaction in putting them out of business would be enough.
Why isn't anyone writing a good worm for a change? One that would install itself on the computers of the clueless and destroy their malware. It would roam the internet as an autonomous wave of malware mutilation jacking into networks of its own establishment to retrieve new signature files.
Oh man, now I wish I knew a damn thing about how Windows works so I could go write that monster . . . . . .
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
He was arrested on May 7 after confessing to German crime officials that he originally wanted to create a virus, Netsky, to remove two other viruses, MyDoom and Bagle, from infected computers. After developing several versions of Netsky, he created Sasser, according to the officials. It seems like his intentions were good. The virus didn't really do anything direct malicious, as far as I remember. It just spread so fast that it took up all the network bandwidth. I can see how people might want to be compensated for loss of revenue, but if they put him in jail it should be for negligently causing harm rather than a deliberate crime.
While I can't point you to a specific post, I have made comments every bit as harsh, if not worse, about the scum sucking bottom feeders at the spyware capital of the world otherwise known as Gator. They should be squashed like the parasites they are.
If I had children and one of them came to me and said "daddy, I want to be a prostitute", I wouldn't be happy but I'd learn to live with it and they would still have my love. But if they came to me and said "Daddy, I want to work for Gator", I'd throw them out of the house.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
My god yeah.
The designer at my work came in one day and said her machine was running slow. She runs Norton AntiVirus and scans regularly. I asked her whether there were any strange Pop-Ups or browser redirections. She said "Yeah! How do I stop that?"
I said "You're computer is infested with Spyware. Install AdAware and Spybot: Search and Destroy"
She came back to me a couple of days later with a sheepish grin on her face and asked me to guess how many adbots/tracking cookies, etc were installed. I said, "Oh, I dunno, maybe 150?"
She said: "488"
I nearly fell off my chair.
I'm starting to think we need licences to drive computers.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
You're an idiot. If you could only sue to recover losses, the company that wronged you would have no incentive to reform. They could do the same thing to everybody, and maybe only 5% of the wronged will sue, so they will be even on those 5% but profiting by their wrongdoing on the other 95%.
No. This is incorrect. Although IANAL, I can assure you that the CxOs of the company in question would be charged with commiting fraud if they knowingly repeat their unlawful way of profiteering.
Not civil law for repairing damages, but criminal law for the people doing such stuff.
This is semi-related, but my company seems to have been infected with a new virus that I haven't heard about. It spreads through port 445 to random IP addresses like Sasser, but when it's infected, it kills the task manager and the registry editor whenever they're started. It also has a random file name in c:\windows\system32 and removes all the default network shares (C$, D$, ADMIN$, etc). It seems to put keys all over the registry, I had to just search the registry for the filename and delete all keys it found. I copied the executables to a non-infected machine with the absolute latest Symantec virus definitions and it didn't detect anything, so I quarentened the file and sent it to Symantec.
Has anyone else seen this? I figured out how to remove it by killing the process, deleting all the registry keys with the filename and deleting the file. The Sasser and Korgo removal tools didn't detect anything so it doesn't seem to be one of those. I found some information on google about a similar virus, but it always used the filename msclock.exe and this one is a random filename.
Things you think are in the Constitution, but are not.
Actually he got caught the day after his 18th Birthday and since he wrote the digital organism before it there was some debate about whether he is chargeable or not since he comitted the crime as a youth.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
Why do you find it so unbelievable?
As an American, I find it unbelievable that Americans are so puritanical about all things related to.... um... sex.
Straight American males are generally obsessed about any perception of them being slightly gay or interested in anything homoerotic.
Look at the scandal over a president's affair.
Now given the righteous condemnation of anything sexual, and probably lack of any experimentation, should you really be surprised?
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!