Blaster Writer Caught
Henry V .009 writes "The FBI will be arresting an 18 year-old in connection with MS Blaster, reports The Washington Post." According to the article, the teen was witnessed testing the worm, and then turned in by a bystander. It's also worth noting that this is merely one of the Blaster variations. Hope whoever it was had fun, because a world of pain is waiting in store now.
A witness turned him in?!? (Score:5, Interesting)
He's sitting in front of a computer, hitting keys on the keyboard and looking at the monitor. That describes the person who wrote this story, the person who submitted this story, the person who posted the story, me getting first post, and everybody reading and moderating this and every other post to come.
It also describes RMS writing Emacs, Linus debugging the kernel, and SCO issuing another press release.
Did this witness actually read the code? What kind of idiot virus-writer lets someone he doesn't know pull up a chair and start auditing his code?
Or was the witness tipped off when the screen start flashing "NOW TESTING VIRUS"? Damn, I hate when that happens!
This doesn't sound quite right.
Re:A witness turned him in?!? (Score:3, Interesting)
I'm guessing it was a mate of his (Score:5, Interesting)
Well, until someone is caught and proven to have written the virus, as far as I'm concerned it is a bunch of FUD.
A world of sympathy (Score:1, Interesting)
Seriously? Arrest Microsoft, Inc. (Score:2, Interesting)
Corporate negligence is still a crime, and corporations are individuals; therefore Microsoft, Inc. should be incarcerated.
Re:Will be arresting... (Score:5, Interesting)
Is it standard FBI practice to announce to the public they will arrest someone before they actually do?
Re:Assuming this is true.... (Score:2, Interesting)
Although, looking at how lousy that worm was implemented, the author might be dumb enough to get caught.
He did not write MS blaster (Score:5, Interesting)
Bragging (Score:5, Interesting)
Why not, eh? Stranger things have happened at sea.
Re:Seriously? Arrest Microsoft, Inc. (Score:5, Interesting)
I'm a firm believer that Microsoft, for all its faults, isn't nearly as much of a problem as its doting customers. Microsoft has ALWAYS been terrible at security. This is not news. So who the hell keeps buying their crap?
Start charging the folks who deploy Microsoft for negligence.
HAX0R!!! (Score:3, Interesting)
Yo, RTFP/RTFA (Score:5, Interesting)
The BBC article contains a bit more info: It says he's suspected of altering the original MSBlast worm into one that would cause more damage.
It also says: "Reports suggest he is likely to be arrested by the end of the day." WTF? They're giving him advance warning?!? Run, boy, RUN!!! LOL.
Vigilante Virus Writer (Score:2, Interesting)
I wonder if this could be the variation they suspect the teen worked on? If so, it could turn into a slippery moral slope for the press to take a stand on either way...
No wonder he got caught (Score:5, Interesting)
Makes you wonder what a professional terrorist could do. The worm could have been far more destructive.
It is so obvious that Microsoft wrote this article (Score:2, Interesting)
Talk about an advertisement.
Anyway, doesn't it ever occur to the press that Microsoft could actually be doing a better job researching into securifying their products *pre* release? Right now (as everyone knows), they're submitting corporate-level products to corporations, making gazillions of dollars, and ignoring any bugs until someone points them out.
When is somebody going to finally decide to call them on this and force Microsoft to do a security audit?
Re:Seriously? Arrest Microsoft, Inc. (Score:5, Interesting)
What about the users though? This isn't the 70's and information is readily available about Microsoft's security practices. Why do they do it? Is it like riding a rollercoaster that has a 6 junction split at the end, only 2 of which lead to the egress queue, 3 of which leave you hanging on the top of a hill until you debug the rollercoaster, and the final split has a jump through a fiery ring with no landing zone? I mean come on, they all saw the rollercoaster... They all knew the ramifications of their actions.. What about them?
-B
Re:Will be arresting... (Score:3, Interesting)
There is probably more to this than the article states (as is almost always the case with the media-reports). It's pretty vague. A witness, testing? Where was he testing, and how? AV-companies also test this stuff.
Context is missing, so I guess a conclusion will have to wait till this afternoon.
Re:If (Score:3, Interesting)
***World crippled by 12 year old***
Who would've gotten blamed then and what would've been the consequences?
Caught after Braggin' - How typical! (Score:1, Interesting)
How? He started bragging about what he did in an IRC chat room... But oops.... few days later caught!
For God's sake he was like 23 years old!
One word: (Score:5, Interesting)
Given the age (he was only 15!), and given the media, he was still crucified. There was no sympathy angle, there was no "youngster gets hassled by overzealous feds" angle. He was, as could be expected, generally portrayed as an evil h4x0r who DoSed eTrade, eBay, Yahoo, etc.
No, whoever launched MSBlaster.B is not going to become a media darling, and he damned sure isn't going to win the hearts and minds of Joe Sixpack, whose computer kept rebooting itself due to the various incarnations of MSBlaster.
From a personal standpoint, I think it's sort of shitty that this kid is getting busted for what seems to amount to no more than a bit of hex editing. I'd rather see the FBI investing its resources into tracking down the author of the original MSBlaster (as opposed to a barely-modified variant which didn't propagate widely)... And I'd much rather see them go after whatever assclown is responsible for SoBig.F, of which I've now received more than 6,000 copies at 100KB apiece. That's not to say that they aren't investigating these things, and I hope they find the perps eventually; but I think it's a bad deal that they're going to bust a kid who made a knock-off instead of the guy who started it.
I really don't buy the sympathy angle. The guy allegedly launched a worm variant, he probably bragged about it (another similarity to Mafiaboy), according to MSNBC, the FBI subpoenaed IRC server logs [msnbc.com] to track him down. Launch a worm and gloat about it to your 31337 buddies, and you get what's coming.
Fists in the air in the land of hypocrisy (Score:1, Interesting)
OUTCOME: Profit and stupidity
An 18-year old writes a computer virus that shakes these corporations up a little bit....
OUTCOME: The FBI arrests him
MORAL OF THE STORY: The Matrix has you...
P.S. Wake Up by Rage Against The Machine is a great song
Re:Seriously? Arrest Microsoft, Inc. (Score:3, Interesting)
Another version of the Blaster worm (Score:2, Interesting)
Here's some of the source, might look familiar to some of you..... Hope the right person sees this.
**
** 2003/07/27 - DCOM RPC WIN32 remote exploit (Most languages)
**
** FlashSky/Benjurry and, H D Moore's code is very excellent.
** It works well even if change only return address.
** I didn't feel necessity for new make.
**
** Thankful to them.
**
** 2003/07/30 - Update, Added magic return address.
**
** kokanin supplied very excellent information:
** URL: http://lists.netsys.com/pipermail/full-disclosure
**
** * As well as Korean thanks to, a lot of systems can exploit.
**
** --
** Thank you.
**
** P.S: Sorry, for my poor english.
**
** --
** exploit by "you dong-hun"(Xpl017Elz),
** My World: http://x82.i21c.net & http://x82.inetcop.org
*/
#include
#include
#include
#include
#include
#include
u_char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,
0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,
Prison rape (Score:5, Interesting)
I expect the comments in the first place. It's inevitable among any community that has people the likes of the "Frist p0st" and "go to cnn.com [cnn.com] [secret link to goatse.cx]" commenters. But the moderation system is in place so that crap like that can get ignored by the people who don't want to hear it.
If you think it's funny, obviously I can't/won't stop you from moderating it that way. But think about the real issue behind it before you encourage lighthearted humor about rape.
Re:Huh huh, he said penis... (Score:4, Interesting)
To a techno neophyte there isn't much difference. If the guy decompiled the code and his friend looked over his shoulder, his friend would see someone with the blaster source.
Decompilers aren't so well known nowadays, so even an experienced programmer who might normally know what he is looking at might not recognise this as decompiler output and not original source code.
He might also not realise you generally cannot recompile decompiled code.
Or the busted teen is an idiot who said "Hey, watch this. I got blaster. Now I'm changing it to penis32. Aren't I clever?"
Re:A witness turned him in?!? (Score:5, Interesting)
Vote on it! (Score:2, Interesting)
Microsoft, The virus writers, or people who click on attachments.
Come on you anti-MS-types, get clicking!
Re:how odd, not the situation here in UK (Score:3, Interesting)
both
We are a place without wilderness.
Access to every square inch is under control.
Freedom is not just freedom of thought.
Without freedom of movement there is no freedom.
We have a saying, "The trouble with country folk is they lost touch with nature."
Misprision of a felony (Score:5, Interesting)
You have an amazingly rosy view of how the law works in this country. You must be those law-abiding citizens with nothing to fear that I keep hearing about. When we have laws that will revoke habeas corpus for the bizarre and impossible crime of loitering with space aliens (1982, Department of Defense appropriations bill) and the hard-hitting "conspiracy of one", you can and will go down for anything if they want you.
Do you think it's an accident that we have the largest prison population, in absolute and relative terms, in the world?
So you feel better now? (Score:4, Interesting)
Sadly he'll be the scapegoat while all the network admins, Microsoft, etc. get to go free. I just don't think that any punishment they give him will fit the crime... Personally I think he just needs to do some community service; what he did was wrong, but nothing truly bad.
Belittling ourselves (Score:5, Interesting)
The virgin isn't really a reference to sexual activity per se, so much as it is a reference to the fact that somebody with so much a lack of a "life" probably is very likely sitting in front of a PC 24/7 and not meeting women.
Actually, sounds a lot like me in High School. Except that I didn't write viruses (custom backdoors to deal with people in the lab I didn't like, yes, but the teachers knew and found it amusing), and I now do have a social/sex life in addition to geeky pursuits.
Of course... another trademark of my geekdom is that said social life usually falls on the backburner whenever the newest Final Fantasy or RPG comes out... luckily the g/f is into 'em too (though I haven't gotten her on Warcraft/Starcraft or FPS yet).
Re:Prisoner rape is funny, ha ha (Score:2, Interesting)
Rape is the least of what he deserves. Try him as a domestic terrorist under the Patriot Act and make him disappear.
Some thoughts on future virus and worm attacks... (Score:1, Interesting)
I think it would be an extremely bad situation if worms had some sort of SDK and documentation in their payload so that anyone, just like this 18-year old, could build on the worm's capabilities. By the same token, it would be even worse if the source code to the worm would not be included because that would be a great help for those developing countermeasures against it.
If there's a way to build on a worm's code, people will come up with novel ideas to use the code the original developer of the virus didn't even think of. They could even provide field service to it, fixing/improving the propagation code for example so it hits even more systems.
Finally there's one thing I hope virus writers never consider.. I hope they won't delay execution of their damage code, not even for a couple of hours. If they did that, their worms could penetrate much deeper into intranets before admins detect it and cause so much more damage.
I hate virus writers. They hurt all the corporations dear to my heart, the bank I love and the government we all rely on. I hate this little 18 year old brat whoever he is going to be (obviously the FBI didn't pick which of the million teens with a computer and a modem to go after yet...). I hope they throw the book at him and make him suffer like Mitnick. Scum like that doesn't have "rights" much less a "right" to "due process". They should kick him into the face for breakfast, torture him with cattle-prods for lunch and bullwhip him for dinner 7 days a week.
There comes the question (Score:4, Interesting)
But then that brings the question: such individuals are usually fairly close-knit. If you're around the dude long enough to realize his code is a blaster-variant, and he is somewhat of a friend, or good associate, would you turn him in? How many geeks would?
It's a hard decision, especially with a decent chance that with the current upset over said viruses even a script-kiddy variant-writer is going to get lynched after being caught. It'd make him/her a good example for other would-be virus writers, but would you do it to somebody you know?
Of course, many such geeks are vain. It could have been somebody declaring, "you think blaster was bad... wait until you see the badass variant I'm writing. I'm going to 0WZ0R J00"...
Bill Gates taunt in worm. (Score:4, Interesting)
Gee, maybe we should take his message more seriously. Maybe the author of the worm is correct in some aspects. Some say that Microsoft is solely to blame for this. I'd say it is not 100% correct. There is a shared blame for the security problems:
--
No memory available for sig. Please reboot now.
Scapegoat? (Score:4, Interesting)
Re:A witness turned him in?!? (Score:2, Interesting)
You're misreading the original message. It's not sad that this kid was caught. What was said was:
The sad thing is they'll fail to catch the original Blaster author so they'll throw the book at this kid for the whole Blaster thing.
The sad and dangerous part is the news media's tendency to try to find the culprit as if there was a single individual responsible. If they blame the entire thing on him, and then have the standard trial by news pundit, what we'll get is a scapegoat and no progress on solving the problem of poorly written software and an expanding OS monoculture that makes the vulnerabilities even more prevalent. Slammer, Blaster, Sobig, and whatever the next one is represent a serious problem, and if we get another attempt to blame it all on the loner teenage hacker instead of trying to fix the bigger problems that make it possible we'll get hit again and probably much harder.
Many of us have spent a lot of time trying to convince our senior management that we have serious problems with unmanaged systems (i.e. either not sysadmin'd at all, or administered by someone who doesn't know what they're doing) and are finally beginning to make some progress. We don't need scapegoating clouding the issue.
I was approached this morning by a VP in my company who pointed to this news release and said 'Looks like they caught him, I guess we don't need that project you wanted for better patch management on the Enterprise network.' I went about re-educating him (and was reasonably successful), but I know I was successful because I have his ear and he listens. Not all of my peers at other companies are as lucky.
Re:Seriously? Arrest Microsoft, Inc. (Score:3, Interesting)
From 1959 to 1969, GM produced a car under the name of the Chevrolet Corvair. The Corvair was radically different from any other American car produced at the time. It was rear engine and powered by an air-cooled V6. This made it a perfect target for the type of attack Nader wanted to launch. It was different, and therefore, suspect. Now, the way the rear suspension of the car was originally designed, under heavy cornering, the rear wheels could take on a positive camber, which Nader charged GM knew made the car prone to rollovers, yet did nothing about. Serious charges to say the least. Did I mention that GM was not only aware of the "problem" (more on that later) but had fixed it before Nader's book "Unsafe At Any Speed" was released?
To say the least, these were serious charges which outraged the public, and cost GM dearly with negative publicity. But here's the thing - in response to these charges, the National Highway Transportation Agency decided to put both styles of Corvair and a few of its competitors through severe handling tests. Neither the original style Corvair nor the later style with camber compensation showed any handling abnormalities and did not roll in ANY single test. There's a much more detailed bit of information about the whole situation here. [corvaircorsa.com]
So what you have is Nader using people's fear of the unknown to generate massive publicity at GM's expense with little to no actual evidence on claims which are eventually proven by both the NHTA and an independent panel to be totally false. In fact, in the years since then, Nader has even admitted that the only reason the Corvair was targeted was because GM was the largest automotive manufacturer at the time, not because of any real problems with the car. And this is the reason that while I may agree with some of his ideals, I would absolutely NEVER vote for Ralph Nader. He's no less of a liar than the ones he ridicules.
Media-blitz a-coming FBI are heroes (NOT) (Score:3, Interesting)
What the kid allegedly did is wrong; if he did it, he deserves to be arrested, arraigned and go through the process and ultimately be punished.
I smell a smoke screen here. It seems to me like the FBI is making this arrest and getting the publicity here for their own purposes. By making an arrest and getting publicity, they are doing something for themselves. People will think the FBI actually caught the guy that did it. That isn't true. They caught a stupid individual who took the code, changed it, and re-released it.
Now that the pressure is off, I doubt that the FBI will be able to afford many resources to keep hunting down the original author. They will keep some people on the case but the reality is that they will task most of the agents to other higher priority things now that this is going to the back burner.
To me, the FBI has achieved their goal - to divert publicity away from themselves but, they have not achieved justice which is what I would expect of them.
MOD PARENT UP (Score:1, Interesting)
I think the FBI deserves props for catching this guy, even if he's not the original author, he was still up to no good and one less script kiddie is one less script kiddie.
Re:Huh huh, he said penis... (Score:1, Interesting)
Back in my day we called them disassemblers.
Anyway, the author of this thread says someone witnessed him testing the virus, not modifying it.
Re:Huh huh, he said penis... (Score:3, Interesting)
Here's that genius's picture - Jeffrey Lee Parson, 18, Minnesota teenager who officials said admitted to making a copycat variant of the devastating Blaster Internet worm. [reuters.com]
He looks bald at age 18 !!