:) Nice he made his code available. (:

I just checked, and I have 11,182 of his messages in my virus bin for the past 14 days.

Nick_W, I some have very strong feelings for him as well...
... but 'Like' wouldn't be one of them.

That's what gets most of these ^&%*@!* in the end, they just can't help but brag about their exploits...

[edited by: Hunter at 7:15 pm (utc) on Aug. 29, 2003]

Mmmm, script kiddies.
What are the odds that it was really him?

I hope he is sentenced to life without access to a computer.

Just remember - this is not the guy - even the American news media is starting to report this fact correctly. This kid hex edited one of the variants and renamed the seed file to a "funny" name. His variant has been reported on less than 20 machines, according to Trend Micro.

>Just remember - this is not the guy <

He probably would have been if he could have been. I agree; life without a computer would be a fitting punishment. Better: shot at dawn, except his youth and immaturity would get him out of that sentence.

He probably would have been if he could have been.

Way to rationalize it! The actual people who need to be shot at dawn are the sysadmins who had months to patch their systems and did not - and the buyers/managers/implementers who are using Windows systems for jobs they are just incapable of handling securely.

Associated Press:
"The FBI said in court documents that at least 7,000 computers were infected by Parson's software, and Symantec said the worm and its variants infected more than 500,000 computers worldwide. Experts consider it one of the worst outbreaks this year."

[news.yahoo.com...]

bcolflesh, it would appear this kid had a pretty good start on the problems, but if there are other culprits, share the link.

As far as the sysadmins not doing their job, you'll find no arguments from me on that! I'm still getting about the same number of emails that I did when this started, so obviously there are still TONS of people ignoring their security.

I had a student once get caught breaking into the school network and sending everyone a break message.

I scolded him for sending the message. "Why did you have to announce it?"

That's why most criminals get caught - they can't help but share their exploits.

That's because the FBI can't get the real author(s) - Sowhat, who posted the source here:

[xfocus.net...]

The FBI is just set to make an example of a kid who took the code, changed some strings and stupidly told somebody - again, Parsons variant has not been detected on more than 20 machines by any tracking sites up to this moment.

Maybe interesting - his handle is an expired username on WWW! You can check out his site cache before Google is told to remove it here:

<edit> - dupe of first post link - sorry!

Symantec's assessment here:

securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

They estimate up to 50 "infections".

All these guys start with '50 infections'...

If the FBI has the wrong guy, and he did not infect 7,000 machines as they stated, its not because the kid wasn't trying.

I hope they throw the book at the derelict, and maybe it will discourage some others.

50 computers? LoL that will be a small fine if anything I dont think much jail time if any at all will happen for this guy.

I hope they throw the book at the derelict

And this is the whole reason our judicial system floundered, then failed - we know:

1. he's not the author of the code that started this.
2. patches for this problem have been available well before any exploit started making the rounds on IRC
3. almost all the traffic/network problems which are causing a public outcry are the result of anti-virus vendors "a infected file was detected" emails - not traffic generated by the code itself

We'll make a "Kevin Mitnick" out of this dumbass kid - just wait - this kid is going to be portrayed by Turner Media as the greatest "hacker" who ever lived!

EliteWeb, I think you are correct.

The kid's [Parson's] hearing just wrapped up, and after the Assistant U.S. Attorney told the judge that Parson's Internet worm, along with other Blaster variants, caused $5 million to $10 million worth of damage and at least 7,000 computers affected - U.S. Magistrate Judge Susan Richard Nelson let the kid go home with electronic monitoring.

Oh, and I almost forgot, the judge basicly said for him to 'be a good boy and don't use the Internet'........

[story.news.yahoo.com...]

Time for me to get back to work [I have another 200 'thank you' messages waiting in outlook].

<Way to rationalize it! The actual people who need to be shot at dawn are the sysadmins>

Nothing like blaming the victims. Its like blaming the cute girl with the sexy dress walking at midnight alone, for getting raped. Rationalize is right.

Anyway, he would have if could have and he and all the others like him/her deserve the max that can be done to them. Come to think of it: shot at dawn...hm... 10 such well publicized executions might not stop it, but I bet it would slow it.

I thought this was interesting:

Prosecutors said Microsoft suffered financial losses that "significantly" exceeded $5,000, the statutory threshold in most hacker cases.

[wired.com ]

What would that $5,000+ be for? Redirecting the domain that was attacked? Writing and distributing a patch for software that was buggy when they sold it? Bandwidth?

How these estimates are arrived at is a mystery to me.

Nothing like blaming the victims. Its like blaming the cute girl with the sexy dress walking at midnight alone, for getting raped. Rationalize is right.

Trust me, I can find the humor in most illogical comparisons - but I'm wondering if you believe what you wrote - cute girls in sexy dresses aren't charged with the constant maintenance and surveillance of computer networks - sysadmins are.

It's more like blaming the sleeping security guard for letting the burglar in the office building... Doesn't make the burglar any less responsible, but the security guard should darn well be held responsible for falling down on the job.

Blaming the victims would be like blaming the people who worked in the building for having their computers stolen because they didn't bolt them to the desks.

<What would that $5,000+ be for?.

Who knows? Point is -- it was a damaging act with consequences none of us can be sure of, but one thing for sure, it does not help Internet commerce to have news of these viruses and worms infecting home/and business computers spreading around. It discourages commercial and other use of the Internet.

On the Internet we live in a virtual world where results of some malicious act are often indirect, and maybe do take immediate effect, but have an effect nevertheless.

In my case, I run a small internet retail site. Was I damaged by this worm - Yes. Time lost, money lost, in filtering the deluge of email, and sales lost, due to bounced emails.

Did I actually lose customers or sales? Yes, maybe 5 that I know of for sure, and that is the big part: "that I know of for sure." But I was damaged. Worse is the bad publicity for the Internet that results from this activity and the lack of trust in it that builds over time, and therefore lack of sales.

This is the equivilent of Vandalism. In the physical world it would be like some 18-year-old in my town making himself invisible and then spray painting and breaking windows on every other business on main street , and stealing people's personal information, and doing the same to half the homes in town. He didn't steal anything or benefit monetarily, but he cost the whole "town" a lot, as well as many individuals/businesses in it.

Our town is the Internet.

In any town in America that kid would be lucky to have the cops rescue him from the mob that would want him skinned alive once he turned visible. A local judge who handed down that silly sentence would be getting death threats herself, for failure to punish, and for encouraging similar behaviour by other 'wanna bes.'

It's time the Internet community and Judges called these people for what they are and punish them for what they are: criminals.

This kid should go to jail, and he should have a criminal record to blacken his future life for a long long time. Shooting him at dawn is too easy.

However, on 2nd thought: Impose that sentence and make him live with it for 10 years knowing it is coming and then carry it out ... now that would be justice.

<cute girls in sexy dresses aren't charged with the constant maintenance and surveillance of computer networks -sysadmins are. >

Sysadmins do not control all of the Internet world, through which these viruses spread. I agree the ISPs of this world and the sysadmins could do more and should have done more, but it's still blaming the victims, rather than the perpetrators to say they are at fault for what the virus creators caused.

...but it's still blaming the victims, rather than the perpetrators to say they are at fault for what the virus creators caused.

Hmmm - I didn't mean to give that impression - I'm saying that the FBI appears to be setting up a kid (who committed the crime of slightly altering text in worm code, then sending it to his buddies - which is stupid and illegal) for crimes he did not commit - the original distributed worms being collectively referred to as "blaster", and it's subsequent mail gateway/server tie-ups caused by negligent sysadmins and over-zealous email notification routines in antivirus software.

Does that make more sense - or am I still full of it?

<I didn't mean to give that impression - I'm saying that the FBI appears to be setting up a kid (who committed the crime of slightly altering text in worm code...... Does that make more sense - or am I still full of it?<

If you are right in your interpretation of what the FBI is doing, and what the kid did vs what the news is reporting he did, you make sense.

Except -- that I think the kid woulda if he coulda and I don't have any sympathy for him and still think he should go to jail and have a criminal record for his criminal act.

But I have to ask: why would the FBI do that? Their credibility with the Internet world is on line for any prosecutions they bring in this matter, or any virus prosecution wherever -- now or in the future.

Under our Justice system they would need to have their ducks in a row under a very hard system that favors the defense with an "innocent until proven guilty" philosophy, before they would even dream of bringing a case. Prosecutors will not normally charge a case without some pretty solid foundation that can be proven in court.

It won't help the FBI if the Internet community, or even just the public at large, comes to find that what you say is true. Their credibility would be destroyed.

Since you asked, you're still full of it.

Re. Only 50 infections. Under your logic there's no harm done if someone shoots a gun at you with intent to kill... but misses. To the rest of the world that's considered a felony.

These viruses are hurting my business and millions of others.

The justice system needs to get tough with these punks.

But I have to ask: why would the FBI do that?

Why does the FBI do any of the things that they do? Because no one can stop them anymore - all they have to do is whisper "terrorist" - then logic and the Bill of Rights fly out the window...

Under your logic there's no harm done if someone shoots a gun at you with intent to kill... but misses.

Another one! Maybe this will help:

kcmetro.cc.mo.us/longview/ctac/corenotes.htm

<Why does the FBI do any of the things that they do? Because no one can stop them anymore - all they have to do is whisper "terrorist" - then logic and the Bill of Rights fly out the window... >

I guess you and I start from a different perspective on our Justice system and the FBI. I know the system is subject to abuse, but it has many safeguards in the system itself, plus an active media ready to jump at the slightest hint of abuse.

Having lived abroad and seen others, I would say ours is by far the best and the most just, save maybe the Brits, but even they with their famous dictum: "A man's home is his castle, and not even the King himself may cross over that threshold without permission" -- Even they have a much more strict system compared to ours, less protection for the accused in some cases, and one with little forgiveness for those who act outside the law.

Anyway, I do not believe the FBI would deliberately (emphasis is on deliberately) set the kid up, and I cannot see any advantage it would have in doing that.

It's not enough to say "because no one can stop them anymore." First, because they can be stopped, and second, because that simply is not a reason to act. And yes, even govt bureaucracies need a reason to act. Sometimes they act wrongly, sometimes from motives/principles we might not all agree with, but they do act for a reason.

The Internet community is one quick to act, and spread the word when a company or govt agency acts wrongly. I don't think the FBI really wants to get attention for wrongful prosecution, in an area such as prosecutions for virus creators, where it gets the scrunity of the Internet world. It would get caught out pretty quickly, I think.

I still think that kid should go to jail, and have a criminal record and that Judge should be removed for her silly judgment. And her silly judgment, and the fact she cannot be removed, and is protected from political pressure, is one reason the FBI can be stopped.