Police, Microsoft hail Blaster arrest

U.S. federal law enforcement officials were joined by Microsoft Corp.’s general counsel in trumpeting the Aug. 29 arrest of a Minnesota teenager believed to be responsible for releasing one version of the W32.Blaster worm last month.

United States Attorney John McKay said at a press conference that the arrest of Jeffrey Lee Parson of Hopkins, Minn., also known by his online name “teekid,” was a significant accomplishment for federal law enforcement and that the case will “deliver a message to cyberhackers here and around the world.”

Parson was arrested and charged in federal court in St. Paul, Minn., with one count of intentionally causing or attempting to cause damage to a protected computer.

He could face up to 10 years in prison if convicted, according to McKay, who said that the Blaster-B worm caused great harm to the computers it infected and to Microsoft Corp., the target of a distributed denial of service (DDoS) attack that was programmed into the worm’s code.

“Cyberhacking is a crime. It harms persons and businesses,” McKay said.

Speaking for Microsoft, General Counsel Brad Smith said the damage done to the Redmond, Wash., software giant was “the small tip of an enormous iceberg” when taken together with the damage caused to the hundreds of thousands of systems worldwide that were infected by Blaster-A, Blaster-B and the other worm variants.

While McKay spoke of a tough investigation involving long hours and weekends spent tracking down Parson, security experts said that the teenager left plenty of clues for investigators.

“It doesn’t seem like he was too concerned with being caught,” said Craig Schmugar, a virus research engineer at security company Network Associates Inc.

Parson named the new Blaster version after himself, using “teekid” for the virus file, according to the complaint filed in U.S. District Court for the Western District of Washington.

Moreover, he programmed his version of the worm to connect to a Web site, www.t33kid.com, that was registered in his own name and address in Hopkins.

According to the complaint, U.S. Federal Bureau of Investigation and U.S. Secret Service agents were on Parson’s trail within days of Blaster-B’s release on Aug. 14, raiding his home on Aug. 19 and seizing seven computers from that address.

Parson’s version of the Blaster-A worm was simple to create and did not require him to have a copy of the Blaster source code, according to Schmugar.

Using a simple program akin to a text editor, Parson could have simply modified some configuration settings used by the worm to change its name and instruct the worm to deposit a Trojan program that he intended to use to control infected machines, he said.

Network Associates Inc.’s AVERT antivirus lab didn’t record any field reports of infections from the Blaster-B variant, Schmugar said.

Parson, 18, may have counted on hundreds of other virus writers doing the same, providing him with a kind of anonymity, Schmugar said.

That has been the case with previous outbreaks. And while law enforcement usually promises to catch the original virus author, little attention has been paid in the past to copycats, Schmugar said.

While other variants did appear, there were nowhere near as many as with previous outbreaks, he said.

While acknowledging that Parson left some important “clues” for investigators, McKay said that key information leading to the teenager’s arrest came from interviews by federal agents rather than information obtained on the Internet. McKay declined to comment on whether the arrest of Parson will lead investigators closer to the author of the original Blaster worm, but said that interviews are taking place in that case as well.

Parson’s arrest may not remove a top computer criminal from society, but it could deter future virus copycats, Schmugar said.

“Obviously there’s a question of whether (Parson) is as significant as the author of Blaster-A, but hopefully it will deter people from modifying future viruses,” Schmugar said.

– IDG News Service