View Full Version : Teen Arrested in Web Attack


Janice
08-29-2003, 01:54 PM
WASHINGTON (Aug. 29) - U.S. cyber investigators arrested a Minnesota teenager Friday who the FBI said has admitted unleashing one version of a damaging virus-like infection weeks ago on the Internet.

A court official identified the teenager as Jeffrey Lee Parson, 18, of Hopkins, Minn., known online as ``teekid.'' A U.S. official in Washington also confirmed an arrest was made early Friday.

Court papers said FBI and Secret Service agents searched Parson's home on Aug. 19 and seized seven computers, which are still being analyzed. In an interview with FBI Special Agent Eric Smithmier, Parson admitted modifying the original ``Blaster'' infection and creating a version known by a variety of different names, including ``Blaster.B.,'' court papers said.

FBI Director Robert Mueller hinted earlier this week that an arrest was imminent, when he cited the damage from the recent Blaster and ``SoBig'' infections.

``We employ the latest technology and code analysis to direct us to potential sources, and I am confident that we will find the culprits,'' Mueller said Tuesday.

Parson - a physically imposing presence at 6-foot-4 and 320 pounds - told the FBI he built into his version a method for reconnecting to victim computers later, according to court papers. Infected computers automatically registered themselves with Parson's Web site so he could keep track of them.

Parson operated the t33kid.com Web site, according to Internet registration records.

The Web site, which was operated from computers physically in San Diego, appeared Friday not to have any content on it but previously contained software code for at least one virus and a listing of the most-damaging viruses circulating on the Internet.

The FBI said in court documents that at least 7,000 computers were infected by Parson's software.

Further details were expected to be disclosed Friday by the FBI and U.S. attorney's office in Seattle, which has been leading the investigation. The case was being handled from Seattle because the infection affected software sold by Microsoft Corp., based in nearby Redmond.

Prosecutors said Microsoft suffered financial losses that ``significantly'' exceeded $5,000, the statutory threshold in most hacker cases.

Collectively, different versions of the virus-like worm, alternately called ``LovSan'' or ``Blaster,'' snarled corporate networks worldwide, forcing Maryland's motor vehicle agency to close for one day. The infection inundated networks and frustrated home users.

Symantec Corp., a leading antivirus vendor, said the worm and its variants infected more than 500,000 computers worldwide. Experts consider it one of the worst outbreaks this year.

The ``Blaster.B'' version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that first struck two days earlier; experts said the author made few changes, renaming the infecting file from ``msblast'' to an anatomical reference.

All the Blaster virus variants took advantage of a flaw in Microsoft Corp.'s flagship Windows software. Government and industry experts had anticipated such an outbreak since July 16, when Microsoft acknowledged the software problem, which affects Windows technology used to share data files across computer networks.

The infection was quickly dubbed ``LovSan'' because of a love note left behind on vulnerable computers: ``I just want to say LOVE YOU SAN!'' Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: ``billy gates why do you make this possible? Stop making money and fix your software!''

Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent these types of infections.

08/29/03 12:12 EDT

Copyright 2003 The Associated Press. The information contained in the AP news report may not be published, broadcast, rewritten or otherwise distributed without the prior written authority of The Associated Press. All active hyperlinks have been inserted by AOL.

Mr. Television
08-29-2003, 02:02 PM
I'm glad they caught him.

Penny Lane
08-29-2003, 03:32 PM
They really need to punish these creeps! The whole world could be shut down by something like this! Life imprisonment is too good for'em!:smash:

Crimson and Clover
08-29-2003, 03:34 PM
Thank god. Maybe now I'll stop getting those dang emails.

PZelda
08-29-2003, 05:43 PM
Oh, my God. Hopkins, MN is pretty close to where my older sister lives. :eek: I'm glad they finally caught him. :mad:

TJL
08-29-2003, 06:07 PM
People like this guy are obvously smart, why do they waste their time on such stupid things?

Brian Damage
08-29-2003, 06:24 PM
Because they're so stupid, they don't realize they're smart.

Janice
08-29-2003, 06:26 PM
Originally posted by Brian Damage
Because they're so stupid, they don't realize they're smart.
:lol:
That's true if you really think about it.

PZelda
08-29-2003, 06:26 PM
Originally posted by Brian Damage
Because they're so stupid, they don't realize they're smart.

:rofl:

Chad22
08-29-2003, 07:03 PM
Originally posted by Brian Damage
Because they're so stupid, they don't realize they're smart.

That has to be one of the greatest Sayings i've ever read :lol:

Lucylover22
08-29-2003, 09:45 PM
Why must people do this? To annoy everyone?

sara
08-30-2003, 12:27 AM
It's great that he got caught.:clap

Brad Russ
08-30-2003, 10:30 AM
Originally posted by Crimson and Clover
Thank god. Maybe now I'll stop getting those dang emails.

I don't think that the worm this guy is responsible for has anything to do with those emails unfortunately. I got 50 of them yesterday, and just got another one about 5 minutes ago.

laceyinthesky
08-30-2003, 10:41 AM
Originally posted by sara
It's great that he got caught.:clap

Indeed it is... How these people think they can do with without being caught is beyond me.. especially is there's a link to their website that has their address on it. :wasntme: :lol: Good thing he was that stupid though, otherwise it would have been that much harder to find out who was behind the virus.

robyrob
08-30-2003, 03:08 PM
Originally posted by laceyinthesky
Indeed it is... How these people think they can do with without being caught is beyond me.. especially is there's a link to their website that has their address on it. :wasntme: :lol: Good thing he was that stupid though, otherwise it would have been that much harder to find out who was behind the virus. This kid was not behind the msblaster worm (which has nothing to do with email viruses) - all he did was modify the org code - there were at least 4 or 5 other variants, including a couple "white hat" worms that would use the same infection method, but would download the MS patch and "fix" itself (unfortunately all it did was clog up networks as it spread).

The original problem is still there - there are some fundamental security problems in all versions of Windows, and MS takes its time putting out patches which have zero effectiveness if people don't download and install the patches. I'm not defending the virus writers; I just think that a lot more of the blame should be focused on Micro$oft and their laughable security initiative.

laceyinthesky
08-30-2003, 06:39 PM
Originally posted by robyrob
I just think that a lot more of the blame should be focused on Micro$oft and their laughable security initiative.

I disagree.

So basically what you're saying is that, if someone breaks into my house, it's my fault for not having a better security system?

passionsfan79
08-31-2003, 12:38 AM
i was suprised to see that it came from my state

Crimson and Clover
08-31-2003, 12:41 AM
well i havent been getting any more of them emails

passionsfan79
08-31-2003, 01:47 AM
thankfully i never got any

Truth
08-31-2003, 02:57 AM
Originally posted by Crimson and Clover
well i havent been getting any more of them emails


WEll SoBig.F from what ive heard is slowing down but they are expecting a new version to come anyday now... I don't recieve the virus in email though since AOL Blocks all emails with Viruses.. I do however recieve bounced emails..... Which basically happens like this..


Step 1: Virus sends itself out through email and under who its from, it lists my Email Address (Not all the time of course only rarely, other times itll list other peoples email addys)

Step 2: If the Virus is sent to an email address that doesn't exist... It doesn't reach them

Step 3: An automatic Email is then sent back saying that the email with the virus didn't reach who it was sent to because the recievers email address doesn't exist.

Step 4: Since they listed me as who the email was from, I recieve this automatic Email..




I woulda explained that just in a regular paragraph but I couldn't figure out an easy way to do it lol...

robyrob
08-31-2003, 03:00 PM
Originally posted by laceyinthesky
I disagree.

So basically what you're saying is that, if someone breaks into my house, it's my fault for not having a better security system? no, what im saying is if you leave your doors and windows wide open, with a prerecorded message blaring over a loudspeaker saying "hey come steal my juicy stuff - im not even looking!!!" then it is your fault

Micro$oft doesnt even bother trying to patch these holes with any urgency - the exploit that the blaster worm uses was made public months before a patch came out - plenty of time for even the busiest hackers to come out with something simple