Virus writers difficult to find in cyberspace
San Francisco, Sept 13: In the murky underworld of computer crime, this was as close as investigators ever get to a smoking gun.
The hacker accused of releasing a variant of the Blaster worm that shut down computers around the world in August left a calling card -- his online alias stitched into the code of the malicious program itself.
Even so, it took the FBI almost three weeks to arrest 18-year-old Jeffrey Lee Parson.
And unless future hackers unmask themselves in a similarly public way, computer security experts say their efforts to hunt down virus writers and bring them to justice could be futile.
"It's almost impossible to catch any of these guys," said Bruce Schneier, chief technology officer of network monitoring firm Counterpane Internet Security and author of "Beyond Fear" and other books on security. "You have to get lucky."
Parson, who the FBI says admitted modifying the Blaster worm and releasing his own version of the program on the Internet, is due to appear in court on Wednesday in Seattle, near where Microsoft Corp. is based.
Blaster and its variants spread through a known hole in Microsoft's Windows operating system, crashing many computers and leaving instructions to launch an attack on a Microsoft security patch Web site later.
The attack was thwarted, but Microsoft said it suffered damage as a result of working to avoid the attack and help customers.
In the Parson case, officials said he included his online alias, "teekid," in the code.
That variant of the Blaster worm, which the FBI claims infected at least 7,000 computers, also installed a back door trojan program on infected computers and instructed them to register with a Web site that was registered in Parson's name, officials said.
Despite the trail Parson left behind, it was 18 days between the release of the Blaster variant and Parson's arrest in his hometown of Hopkins, Minnesota.
"Anybody could have gone and found this guy by doing a Google search for 'teekid,'" said Marc Maiffret, chief hacking officer at eEye Digital Security. "A lot of people are slapping their forehead saying, 'Why didn't I think of that!'"
"He clearly didn't try to cover his tracks at all," said Chris Wysopal, director of research at security firm @stake. "It should have taken only a few days to find him."
Bureau Report