Blaster Author Pleads Guilty

A 19-year-old has pleaded guilty in a Minnesota federal court to spreading the W32.Blaster-B worm over the Internet.

Jeffrey Lee Parson, of Hopkins, Minnesota, said on Wednesday that he is responsible for creating and unleashing the worm, which affected thousands of computers worldwide. He faces one count of intentionally causing or attempting to cause damage to a protected computer in connection with the release of the worm, according to a statement from the U.S. attorney's office for the Western District of Washington.

Variant's Tactics Told

Parson could face between 18 and 37 months in prison and end up paying millions of dollars in fines. Sentencing is scheduled for November 12 before Judge Marsha Pechman in the U.S. District Court for the Western District of Washington in Seattle, according to the statement from the U.S. attorney's office.

The W32.Blaster-B variant of the Blaster worm first appeared on the Internet on August 13, 2003, just days after W32.Blaster-A first appeared. Blaster-B used a different file name, teekids.exe, as opposed to the original msblast.exe.

The worm was programmed to take advantage of a vulnerability in the DCOM (Distributed Component Object Model) interface component of Windows, which handles messages sent using the RPC (remote procedure call) protocol. Blaster-B used the DCOM flaw to spread itself over the Internet and launch denial-of-service attacks against popular Web sites, including Microsoft's Windows Update Web site.

Parson also admitted to adding a backdoor Trojan program, named "Lithium," to Blaster-B, which allowed him to reconnect to infected computers, according to the complaint filed by law enforcement officials in the Seattle court last year.

Vendors, Cops Teamed

Parson was tracked down last year by a joint federal task force that involved members of the FBI and the Secret Service.

The officials first got on the trail of Parson after tracking down ownership of an Internet domain, www.t33kid.com, used by the Blaster-B worm to download instructions and report on infected hosts. Information about that domain name led officials to Parson's father's home in Hopkins, Minnesota. Parson was arrested and seven computers were seized from his home.

After his arrest, Parson admitted to modifying the original Blaster worm and creating the Blaster-B worm variant, naming it "teekids.exe" after his online name, according to the complaint. At the time, he faced up to ten years in prison and a $250,000 fine. He was let off soon after on $25,000 bail.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon