A Minnesota teenager accused of downloading the Blaster computer worm code, modifying it and releasing the damaging and debilitating variant on the Internet last year pleaded guilty in U.S. District Court this week to infecting computers.
If convicted, Parson faces about three years and several hundred thousand dollars in penalties. When asked in court why he had released the Blaster variant, the now-19-year-old Parsons reportedly said he was unsure at the time of doing so.
Security experts praised the arrest and now prosecution of Parsons, who was apprehended a year ago. Analysts said that while he might not be as big of a suspect as the original Blaster author, Parsons represents a dangerous trend toward more numerous and dangerous variants.
“I don’t think he’s a big fish, but the variant writers demonstrate how easy it is,” Gartner vice president Richard Stiennon told TechNewsWorld. “If there’s some prosecution going on, it will deter the virus writers doing it for kicks. It will not, however, deter the criminals.”
Competing For Compromises
Appearing before a judge in Seattle, Parsons conceded through a plea agreement that he had created the B variant, also known as the “teekids” variant, of the Blaster worm and used it to take over computers that were employed for an attack on nearly 50,000 other machines.
Parsons’ arrest last summer was followed by the arrest of a second variant suspect in Romania. Both Parsons and the Romanian suspect are alleged to have released modifications of the original Blaster worm, which took advantage of a widespread Microsoft Windows vulnerability to infect hundreds of thousands of PCs.
Stiennon said the biggest concern from the variants is their increasing number. He said the danger stems from variant writers — typically younger coders playing with malicious code for fun or notoriety — and their competition to acquire armies of compromised computers.
“It’s painful to update your software every day and we’re getting to the point where you have to,” Steinnon said.
Teens Take to Worms
While the FBI would not comment on current investigations, a senior official at the bureau told TechNewsWorld that there is concern about variants and the implications of additional virus writers.
Stiennon said that while their virus writing does not do the damage or cause the same level of disruption as an original worm that is launched successfully on the Internet, there is a danger in these lower-level “script kiddies” selling their armies of “bots,” or compromised computers to higher-up criminals who perpetrate fraud and theft using victims’ machines.
Ken Dunham, iDefense malicious code intelligence manager, told TechNewsWorld that there are a relatively small number of virus writers responsible for the year’s worst worms. Dunham said that the number and impact of variants has grown as virus writers release more than one variant at a time to overwhelm antivirus defenses and as they advance their “families” of viruses to compete with each other, as occurred in this spring’s “worm war.”
As the legal process is underway for Parsons and other virus and variant writers who have been arrested and charged recently, a security push is underway from Microsoft, which this week released the final version of a major update to its Windows XP operating system — the target of most virus attacks and outbreaks.
Stiennon said that if the Service Pack 2 update were widely deployed with a firewall turned on, the update could have slowed malicious code such as Blaster or its variants. However, Stiennon added that the reality is that not all machines are running the latest Windows XP, not all are patched, not all have firewalls and many are vulnerable.
The analyst added that it will likely take at least a year and a half before any security improvements from SP2 are realized on a widespread basis.