Wednesday, August 27, 2003
Worm Wrights and Virus Virtuosos
One way they hide their identity is to release a virus onto the Net from a public terminal at a university computer center or copy shop. ...Many virus writers go to great lengths--including destroying their hard drives--to get rid of evidence that might aid prosecution.
Melissa contained a unique identifier from Micro$oft Word, the author of the Anna virus was located by his ISP, and the ILOVEYOU author submitted an early version of the code as his senior thesis. [doh!] The four Israeli teens who wrote Goner bragged in IRC discussions. [duh]
Given early, circumstantial evidence that MSBlast may have indirectly contributed to the recent New York blackout, the author of MSBlast (if found) could face life imprisonment under U.S. law. But I still think the likelihood of finding the MSBlast author is low, because he appears to have guarded his anonymity well, and because the worm is so poorly designed, no one is likely to take credit for it.
heh.
[Robert Vamosi] believe[s], however, that the authorities have a reasonably good chance of finding Sobig's author, largely because there appears to be some financial motivation behind this worm.
How do you know if your system's been hijacked for spam? One clue is, in your e-mail client, the sudden presence of "delivery failure" alerts for e-mails sent to people you do not know. Another is the presence of increased activity on your PC's UDP Ports 995 to 999, which any good firewall should notice and inform you of.
Statistics
This page has been viewed 18348625 times
Total Entries: 5718
Total Comments: 4193
Total Trackbacks: 714
Most Recent Entry: 06/14/2011 06:44 am
Most Recent Comment on: 11/27/2011 05:18 pm
{/if}
