Investigators Arrest Teen In 'Blaster' Virus Attack
An 18-year-old Minnesota teenager was arrested Friday, accused of altering a malicious computer code that was targeting Microsoft Corp. software and re-releasing it.
A federal law-enforcement official confirmed that authorities arrested Jeffrey Lee Parson and charged him with intentionally causing and attempting to cause damage to a protected computer. The official said Mr. Parson, who operated his own Web site, told authorities he altered the code of the original "Blaster" worm so that he could monitor the infected machines from his home in Hopkins, Minn.
FBI officials had hinted for more than a week that they had identified at least one suspect who had created a variant of the "Blaster" worm that infected millions of computers world-wide earlier this month and at one point caused the shutdown of some governmental agencies.
Blaster is a worm, a type of program that infects computers on its own, as opposed to computer viruses, which require some action on the part of the operator of the victim computer to infect it, such as opening an attachment that contains the virus.
Microsoft became aware of the worm on Aug. 11, according to the affidavit in Mr. Parson's case. Within three days, it infected as many as 200,000 computers and by Aug. 15, estimates were exceeding one million infected computers.
Almost as quickly as authorities spotted the original worm, they detected variants. They captured one, renamed teekids.exe and by examining and disassembling the code watched as the worm entered an infected computer and connected to the web site
www.t33kid.com where a Secret Service agent witnessed the connection.
While examining the Web site, the agent found the Web site contained the programming source code for multiple Internet worms and found the Internet Protocol address. In addition, the agent was able to track the IP address to California Regional Internet Inc. The various computer networks eventually led to Mr. Parson's physical address.
According to the affidavit, Mr. Parson admitted modifying the worm, creating variants that included remote access to allow him to reconnect to infected computers at a later date. The affidavit filed by the FBI in support of Mr. Parson's arrest alleged that he developed and released "onto the Internet a variant of the Blaster worm that infected at least 7,000 individual Internet users' computers, turned those computers into drones that attacked or attempted to attack Microsoft and, in particular, its web site
www.windowsupdate.com."
FBI officials said late Friday that Mr. Parson remains under house arrest and could face 10 years behind bars and a $250,000 fine. Federal authorities said the investigation of the attack was continuing.
John McKay, the U.S. attorney for the western district of Washington state, declined to say whether additional arrests were imminent. He added that investigators have "evidence" in their search for the writer of the original Blaster program. He declined to elaborate.
Speaking to journalists, Mr. McKay characterized Mr. Parson's alleged crime as a "broad and sustained attack," with serious harm to individual computer users and businesses. The damage is "very substantial," he said, adding the FBI "takes these crimes very seriously."
Mr. McKay declined to comment on Mr. Parson's motives. He said a Minnesota court has banned the teenager from the Internet and that agents confiscated a number of computers from his family's home.
Recent worms and viruses focused on Microsoft have infected millions of computers around the world. The FBI, computer experts and others averted another wave of problems last week when they effectively stopped an attack on 20 Internet sites that would have spread the infections even more.
The computer-crime unit based in the FBI's office in Seattle, because of its proximity to Microsoft in Redmond, Wash., is heading the investigation.
Authorities are still trying to determine who created and circulated the original Blaster worm, and the more widespread and destructive virus SoBig. An FBI official familiar with viruses and worms said the investigations are difficult and numerous. "One of the problems is it's not illegal to write a malicious code. It's illegal to circulate one," the official said.
Earlier this week, Jana Monroe, assistant director of the FBI's Cyber Division emphasized the point. "We are constantly facing new malicious computer codes including worms, viruses, Trojan Horses, and their variants," she said in a statement encouraging computer users to protect themselves. "Unfortunately, such exposure has become a part of being in cyberspace, but there are steps that individuals and businesses can take to protect themselves."
Bill Murray, spokesman for the FBI's cyber division, said Friday that antivirus companies and experts estimate that "we have 70,000 pieces of malicious code floating around on the Internet right now." He added that those experts estimate three to five new pieces of malicious code are released "into the wild everyday." He said that is why the FBI stresses that it's "imperative" that computer operators get the patches and antivirus protections that are available, often at no charge.
Robert Holleyman, president and CEO of the Business Software Alliance praised Friday's arrest and said it "sends a strong message to cyber criminals that computers viruses and worms are not just clever acts of mischief but serious crimes that can cause economic damage, or worse."
"冲击波"变种病毒制造者落网
美国调查人员周五逮捕了明尼苏达州一名少年。联邦调查局(FBI)称,这名少年承认散布了一种几周前在互联网上传播的致命病毒。
一位法庭官员称,少年名叫Jeffrey Lee Parson,今年18岁,家住明尼苏达州霍普金斯,他的网名为teekid。一位在华盛顿的官员也证实这位少年周五被捕。
法庭文件称,联邦调查局和美国情报机关的特工在8月19日搜查了Parson的居所,发现7台电脑。目前这些电脑正接受专家的分析。在接受联邦调查局特工Eric Smithmier的问话时,Parson承认将原始的"冲击波"(Blaster)病毒版本加以修改,生成了"冲击波II"(Blaster.B)。冲击波II还有其他不同的名称。
联邦调查局在法庭文件中说,至少有7,000台电脑受到Parson所制作软件的感染。
