lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <F5E7D6FE3AA4DB48AB89AF72D48F47F024B57C@MN11MAIL02.world.corp>
From: Chad.Boeckmann at IntegrisMetals.com (Chad Boeckmann)
Subject: Blaster.B/LovSan writer arrested

The writer of the MS Blaster.B variant has been arrested in Hopkins, MN.
http://www.startribune.com/stories/789/4068796.html

Full story below:

Authorities arrest Minnesota teen in Internet attack
Ted Bridis, Associated Press 
  
Published August 29, 2003 INET30 

WASHINGTON -- U.S. cyber investigators arrested a Minnesota teenager today on charges of unleashing a damaging virus-like infection weeks ago on the Internet, officials said.

A court official in Minnesota identified the teenager as Jeffrey Lee Parson, 18, of Hopkins, known online as ``teekid.'' A U.S. official in Washington also confirmed an arrest was made early today.

Parson was to make his initial court appearance at 2 p.m. today in St. Paul.

According to the complaint, FBI and Secret Service agents searched Parson's home on Tuesday and seized seven computers. It also said he admitted FBI Special Agent Eric Smithmier that he modified the Blaster worm and created a variant known by a variety of different names.

Further details were expected to be disclosed later by the FBI and U.S. attorney's office in Seattle, which has been leading the investigation.

Collectively, different versions of the virus-like worm, alternately called ``LovSan'' or ``Blaster,'' snarled corporate networks worldwide, forcing Maryland's motor vehicle agency to close for one day. The infection inundated networks and frustrated home users.

Symantec Corp., a leading antivirus vendor, said the worm and its variants infected more than 500,000 computers worldwide. Experts consider it one of the worst outbreaks this year.

The ``Blaster.B'' version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that first struck two days earlier; experts said the author made few changes, renaming the infecting-file from ``msblast'' to an anatomical reference.

All the Blaster virus variants took advantage of a flaw in Microsoft Corp.'s flagship Windows software. Government and industry experts had anticipated such an outbreak since July 16, when Microsoft acknowledged the software problem, which affects Windows technology used to share data files across computer networks.

The infection was quickly dubbed ``LovSan'' because of a love note left behind on vulnerable computers: ``I just want to say LOVE YOU SAN!'' Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: ``billy gates why do you make this possible? Stop making money and fix your software!''

Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to protect against these types of infections.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ