Love Bug virus creator<br>Onel de Guzman
Computers
The kids are all wrong
by Russell Brown
How come young, disaffected and not especially
bright computer nerds can wreak so much havoc in
the business world?
Ever wondered what they’re like, these people who write malicious Internet worms and stage attacks on websites?
Probably a lot like Sven Jaschan, the German teenager who confessed to writing Sasser, the most recent of the worms to have wreaked havoc in corporate computing: young, male, not especially bright and hugely in denial.
It seems quite common for malicious hackers and virus-writers to be distanced from the consequences of their actions.
Jaschan, 18, told investigators that he was trying to write a “good” worm to clean up the Internet – even as he confessed to having also written all 28 variations of the Netsky email virus, which still courses around the globe.
One theory is that Jaschan, who is reported to have achieved only “mediocre” grades in computer science, released the viruses to create work for his mother’s PC repair shop. But did he do all he confessed to? It’s entirely possible that the shy teenager’s delusions – in an underworld where bragging is widespread – extend to the belief that he was responsible for more than he really was.
Even as the German police and the local branch of Microsoft were hailing the arrest of the “sole author” of the viruses, another version of Sasser – Sasser.e – was detected in the wild. It didn’t appear to be the more benign version that Jaschan claimed to have released just before his arrest to try to limit the damage from the previous versions.
Meanwhile, the anti-virus organisation F-Secure reiterated its view that the principal authors of Sasser and Netsky were based in the Czech Republic and Russia.
F-Secure’s researchers have trawled through the source code in all the versions of the viruses and found references to both countries, along with Russian phrases.
They also noted that the secondary functions of the viruses changed with each version: early versions of Netsky did no more when they infected a target PC than remove two other viruses – MyDoom and Bagle. Later versions could be used to harness thousands of infected PCs into a denial of service attack by bombarding certain hacker websites with malformed data, rendering them inoperable.
Such a progression suggests that a succession of hackers got hold of the virus and tweaked it as they saw fit. This was certainly the case with last year’s Blaster worm. Blaster’s original author remains unknown, but in September, US teenager Jeffrey Lee Parson and Romanian 24-year-old Dan Dumitru Ciobanu were arrested and charged with writing variants of Blaster – Blaster-B and Blaster-F respectively.
Parson was sentenced to two years in prison and the last word from Romania was that Ciobanu was facing between three and 15 years. But they weren’t the authors of the versions of Blaster that hit small-business networks and home PCs worldwide. The hapless Ciobanu’s version infected only 27 computers at his university.
Although a Welsh web designer was sentenced to two years’ jail last year for creating three minor email worms, it’s actually three years since the original author of a major virus variant has been convicted. In that case, Dutchman Jan De Wit was so shocked at what he had done by creating the Anna Kournikova worm that he turned himself in to the police.
Before that, there was Filipino Onel de Guzman, who created the highly destructive Love Bug virus, but was never charged with anything because his home country lacked the necessary computer security laws. You have to go back to David L Smith, the notoriously stupid author of Melissa (he was tracked down because the Microsoft Word document he used to launch the worm contained his name and registration details) to find a major virus author who really got nailed. He got 20 months’ jail.
So it was understandable that Microsoft – the target of virtually all new viruses – was keen to announce that it had helped nail the “sole author” of Netsky and Sasser. Jaschan was identified thanks to a Microsoft initiative that has raised the bounty on virus writers to several million dollars. It was apparently the money that drew out a witness prepared to fi nger Jaschan.
Whatever he is saying when he gets to court, the problem will be matching the sentence to the damage caused. Sasser passed between Windows XP and Windows 2000 PCs on networks.
It didn’t damage files, but made computers crash repeatedly and slowed them down. It was enough to break airline reservation systems and German banking networks and halt Australian railways. When a dysfunctional kid can do that in his spare time, you have to wonder whose fault it is, really.
