kaplish
Virus writers hard to track on Net

The hacker accused of releasing a variant of the Blaster worm that shut down computers around the world in August left a calling card -- his online alias stitched into the code of the malicious program itself.

Even so, it took the FBI almost three weeks to arrest 18-year-old Jeffrey Lee Parson.

And unless future hackers unmask themselves in a similarly public way, computer security experts say their efforts to hunt down virus writers and bring them to justice could be futile.

"It's almost impossible to catch any of these guys," said Bruce Schneier, chief technology officer of network monitoring firm Counterpane Internet Security and author of "Beyond Fear" and other books on security. "You have to get lucky."

Parson, who the FBI says admitted modifying the Blaster worm and releasing his own version of the program on the Internet, is due to appear in court on Wednesday in Seattle, near where Microsoft Corp. is based.

Blaster and its variants spread through a known hole in Microsoft's Windows operating system, crashing many computers and leaving instructions to launch an attack on a Microsoft security patch Web site later.

The attack was thwarted, but Microsoft said it suffered damage as a result of working to avoid the attack and help customers.

In the Parson case, officials said he included his online alias, "teekid," in the code.

That variant of the Blaster worm, which the FBI claims infected at least 7,000 computers, also installed a back door Trojan program on infected computers and instructed them to register with a Web site that was registered in Parson's name, officials said.

Despite the trail Parson left behind, it was 18 days between the release of the Blaster variant and Parson's arrest in his hometown of Hopkins, Minnesota.

"Anybody could have gone and found this guy by doing a Google search for 'teekid,'" said Marc Maiffret, chief hacking officer at eEye Digital Security. "A lot of people are slapping their forehead saying, 'Why didn't I think of that!'"

"He clearly didn't try to cover his tracks at all," said Chris Wysopal, director of research at security firm AtStake.

"It should have taken only a few days to find him."

Net allows anonymity
Wysopal and others speculated that law enforcement investigators may have been focused on tracking down the writer of the first Blaster worm, which has infected 500,000 or more computers, according to some estimates.

Other experts said it can take as long as six months or even years to catch a virus writer and that the speed of Parson's arrest was the exception, not the rule.

Of the five to 15 new viruses released on the Internet per day, most of the creators will never be caught, said Vincent Weafer, director of anti-virus company Symantec Corp.'s security research center.

If they are caught, they would not necessarily be convicted because, in many countries, it is not illegal to release computer viruses, he added.

There are also many ways for virus writers to disguise themselves, including spreading the programs through unwittingly infected e-mail accounts.

"The anonymity of the Internet allows you to use any vulnerable machine to launder your identity," said Wysopal. The ones who are caught are the ones who slip up or brag about their work, experts said.

David Smith, the New Jersey-based writer of the 1999 Melissa virus, used different aliases and cross-posted with them on message boards, which allowed investigators to hone in on him, said William Harrod, director of the investigative response division at TruSecure.

Source: CNN



09-14-2003 10:59
onzeponze

Man, the boy ruined his life. Many think they will form security companies in the future like famous hackers like Mitnick have.

09-14-2003 14:08