Teen Arrested in Blaster Case
Jeffrey Lee Parson, the Minnesota teenager charged with unleashing the W32.Blaster-B Internet worm, is free on bail after a hearing Friday in federal court in St. Paul.
Parson, an 18-year-old from Hopkins, Minnesota, was arrested Friday morning in connection with the release of a
Parson was released on a $25,000 personal recognizance bond and directed to appear before a magistrate judge in Seattle on September 17, according to Pat Sabin, deputy clerk at the St. Paul court. Parson was not required to put up any money to be released but will need to keep court officers informed of his whereabouts, Sabin says.
In addition, Parson must wear an electronic monitoring device and be confined to his home except to attend school, receive medical treatments, and make court appearances, she says. The court also has barred Parson from accessing the Internet and has forbidden him to use computers or "connected devices" at his home or any other location, Sabin says.
According to the court complaint, Parson will face one count of intentionally causing or attempting to cause damage to a protected computer in connection with the W32.Blaster-B, a variant of the original W32.Blaster-A worm.
The Blaster-B variant appeared on August 13, within three days after Blaster-A first appeared, and was nearly identical to the original Blaster worm. However, Blaster-B used a different file name, teekids.exe, as opposed to msblast.exe, according to antivirus company Sophos PLC.
Teekid was also an online handle used by Parson, according to the complaint, which was filed in the Western District of Washington in Seattle, according to Chutich.
The complaint lays out Parson' role in modifying the original Blaster worm and in releasing the Blaster-B variant, as well as some of the process law enforcement used to track the virus back to Parson.
The U.S. Federal Bureau of Investigation and other law enforcement officials declined to provide more information about the case or the identity of the teenager.
The FBI and the U.S. Attorney's Office scheduled a press conference for Friday afternoon regarding the worm, according to U.S. Attorney John Hartingh in the U.S. Attorney's Office for the Western District of Washington in Seattle.
Further details about the case will be presented then, Hartingh said.
The worm takes advantage of a
Vulnerable systems can be compromised without any interaction from a user, which helped Blaster spread quickly on machines running the Windows XP and Windows 2000 operating systems.
At the height of the Blaster outbreak, the worm was credited with shutting down the Maryland Motor Vehicle Administration.
Virus experts were surprised that an arrest was pending, citing the
"I think it gets back to how they caught him," said Chris Wraight, a technology consultant at Sophos. "It wasn't digital forensics, but the human intelligence. They did it the old-fashioned way, with human intelligence."
However, Wraight was not surprised to learn that the suspect in the Blaster-B case was a teenager.
He and others long maintained that Blaster's blatant copying of proof-of-concept code for using the RPC vulnerability, known as the DCOM exploit, meant that Blaster was the work of a novice virus writer, rather than a pro.
The alleged modification of that code by Parson is typical, Wraight said.
"This clearly shows what happens in the virus world--people take and modify other people's code and try to one up each other. But most of these guys are not too swift and they get caught because of an error," Wraight said.
While most worm authors are careful to cover their tracks and escape capture, those who are caught face toughened computer crime laws in the U.S. and Europe, he said.
In July, for example, a UK court rejected an appeal by 22-year-old
In less-developed countries, however, there are few laws governing cyber crimes, Wraight said.
The author of one of the most destructive viruses,