Analysis

Suspected Virus Author Arrested

Investigators arrested a Minnesota teenager Friday and charged him with unleashing the damaging Blaster computer virus.

The suspect was identified as Jeffrey Lee Parson, 18, of Hopkins, known online as teekid. Parson is scheduled to appear in court at 2 p.m. CDT Friday in St. Paul, Minn.

According to the complaint, FBI and Secret Service agents searched Parson’s home on Tuesday and seized seven computers. It also said he admitted to an FBI agent that he modified the Blaster worm and created a variant known by a variety of different names.

Further details were expected to be disclosed later by the FBI and U.S. attorney’s office in Seattle, which has been leading the investigation.

Collectively, different versions of the virus-like worm, alternately called LovSan or Blaster, snarled corporate networks worldwide, forcing Maryland’s motor vehicle agency to close for one day. The infection inundated networks and frustrated home users.

Symantec, a leading antivirus vendor, said the worm and its variants infected more than 500,000 computers worldwide, making it one of the worst attacks this year.

The Blaster.B version of the infection, which began spreading Aug. 13, was similar to the original Blaster worm that struck two days earlier. The author made few changes, renaming the infecting-file from “msblast” to an anatomical reference.

All the Blaster virus variants took advantage of a flaw in Windows software. An attack of this nature had been expected since July 16, when Microsoft acknowledged the software problem, which affects Windows technology used to share data files across computer networks.

The infection was quickly dubbed LovSan because of a love note left behind on vulnerable computers: “I just want to say LOVE YOU SAN!” Researchers also discovered another message hidden inside the infection taunting Microsoft chairman Bill Gates: “billy gates why do you make this possible? Stop making money and fix your software!”

Infected computers were programmed to automatically launch an attack on a website operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to protect against these types of infections.

Comment here