Re: [Full-Disclosure] The Jeffrey Parson criminal complaint is online

• Previous message: Hoho: "Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed"
• In reply to: Richard M. Smith: "[Full-Disclosure] The Jeffrey Parson criminal complaint is online"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Sat, 30 Aug 2003 10:41:18 -0400

Richard M. Smith wrote:
> http://news.findlaw.com/nytimes/docs/cyberlaw/usparson82803cmp.pdf

Great link.

Items of particular interest:

Page 9, lines 6-8: "Since dl.t33kid.com is a copy of www.t33kid.com, it
also can be used to capture IP addresses of compromised computers."

Isn't that reaching a bit, since the worm doesn't apparently know about
dl.t33kid.com?

Page 10, lines 10-11: "Microsoft expended significant internal and
external (e.g., contracted) resources to respond to the DDos attack
launched by JEFFREY LEE PARSON."

Page 6, lines 12-14: "Within three days, Blaster had infected an
estimated one hundred thousand to two hundred thousand computers. By
August 15, 2003, estimates were as high as more than one million
infected computers."

Page 16, lines 16-18: "...at least 7,000 individual Internet users'
computers were compromised by the variant of the Blaster worm that was
released by JEFFREY LEE PARSON."

So, it sounds like he's responsible for 7,000 out of 100,000 to
1,000,000 infected computers. Unfortunately for him, he's the one
stupid enough to use his handle in the code, so he's the one that shows
up on CNN as the culprit for everything.

While I do not wish to give the impression that I condone or mitigate
the damage done by Parson's variant, I suspect he's going to get held
responsible for the overall worm while interest in finding the original
culprits wanes.

-- 
         gowen -- Greg Owen -- gowen@swynwyr.com
         79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Hoho: "Re: [Full-Disclosure] MS Blaster author / morning_wood misinformed"
• In reply to: Richard M. Smith: "[Full-Disclosure] The Jeffrey Parson criminal complaint is online"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SP 3 for XP ... Your plan ignores the fact much spam and malware are spread using compromised computers. ... If you are not concerned if your computer gets malware, it is more likely soon compromised possibly before you have any clue there is a problem. ... (microsoft.public.windowsxp.general) File Destroying Worm Not Causing Much Damage ... By ANICK JESDANUN, AP Internet Writer ... One Italian city's government shut down its computers as a precaution ... Sutra" worm. ... Although the worm tries to disable anti-virus software, ... (comp.dcom.telecom) "Witty" worm ... A quickly spreading worm that emerged over the weekend damaged computers at ... Saturday morning, infecting as many as 30,000 computers before subsiding, ... Miami-based Web hosting company. ... (microsoft.public.security.virus) Re: A code red that could bring down the net? ... He claimed it "got away from him" and he didn't intend it to get away. ... There were a number of screw-ups in the code of the RTM Worm. ... > worm before sending it onto the arpanet. ... > would then repeat these actions in an infinite loop to other computers on ... (Security-Basics) RE: pc keeps rebooting ... > other similarily unprotected computers. ... Sounds like you've gotten caught by the Sasser worm. ... Install an antivirus program and keep it updated. ... Take the infected machine off the Internet and any lan immediately. ... (microsoft.public.windowsxp.general)