*Warm-hearted hacker sympathizers are writing in,
alarmed that I should suggest in passing that
some offended vigilante might, possibly, kinda,
maybe, you know, set fire to the
house of someone who writes worms.
*That does seem a bit harsh, not
to mention flagrantly illegal, and I certainly
wouldn't do that, nor do I recommend it.
*But, that doesn't mean that, in today's climate,
such things are entirely impossible....
Suppose that these imaginary, entirely
speculative, ticked-off arsonists adapted the handy tactics
of Sven's own "Netsky" gang. So, like, one guy buys
some gasoline, two more stockpile rags and bottles
in a nifty private archive of tips and techniques,
and then you get, like, a disaffected, emotionally
wounded teenager living in his mom's basement to drive by
in someone else's car with the keys left in it, throwing lit
matches.
When all hell breaks loose and the
smoke is still rising, somebody gets a book deal, and
somebody else in on the racket sells out
the match-flinging point guy for a cool
quarter million from Mister Softee.
*I mean, that's basically what's happening
already, right? Except that arson merely
burns one home while these characters are
disrupting airlines, universities, and the daily
lives of tens of thousands of innocent people.
*Boy, SANS sure makes compelling reading
these days:
SASSER NEWS
–Admitted Sasser Author Arrested
(10/8 May 2004)
Police say 18-year-old Sven Jaschan of Rotenburg, Germany, has admitted to creating the Sasser worm. The people who came forward with technical evidence implicating Jaschan will receive a $250,000 reward from Microsoft if he is successfully prosecuted. Jaschan is also allegedly the author of some versions of NetSky.
http://www.washingtonpost.com/wp-dyn/articles/A11160-2004May8.html
http://news.bbc.co.uk/2/hi/europe/3695857.stm
http://www.cnn.com/2004/TECH/internet/05/08/sasser.arrest.ap/index.html
http://www.cnn.com/2004/TECH/internet/05/10/sasser.arrest.reut/index.html
http://news.com.com/2102-1009_3-5208655.html?tag=st.util.print
http://www.newscientist.com/news/print.jsp?id=ns99994973
http://www.theregister.co.uk/2004/05/10/sasser_more_confusion/print.html
[Editor's Note (Pescatore): Most forms of deterrence are better than no deterrence at all, but it is important not to let the focus shift away from the vulnerabilities that enable the worms to damage businesses.
As long as software has glaring holes, someone will exploit them, much the way car thieves continue to steal cars where the key is left in the ignition.]
–New Sasser Variant Warns of Flaw, Urges Update
(10/9 May 2004)
A new version of the Sasser worm, Sasser.E, has emerged after the arrest of Sven Jaschan. This version warns recipients that their computers are vulnerable to the MS04-011 vulnerability and urges them to update their systems with a patch from Microsoft. Microsoft believes the variant was released four days before Jaschan's arrest.
http://www.infoworld.com/article/04/05/09/HNnewsasser_1.html
http://news.com.com/2102-7349_3-5209459.html?tag=st.util.print
–Sasser and NetSky Could Present Dangerous Blended Threat
(6 May 2004)
Some experts are concerned that Sasser and NetSky could be combined to create a more dangerous, blended threat.
http://news.com.com/2102-7349_3-5207634.html?tag=st.outil.print
http://www.computerworld.com/printthis/2004/0,4814,92936,00.html
–Sasser Cleanup Tool Available
(5 May 2004)
Nearly 1.5 million people downloaded a Sasser cleanup tool from Microsoft in the two days after the tool's release.
http://www.computerworld.com/printthis/2004/0,4814,92912,00.html
–Sasser Hits American Express, Delta Airlines, Universities
(7/4 May 2004)
http://www.techweb.com/wire/story/TWB20040507S0008
http://www.computerworld.com/printthis/2004/0,4814,92892,00.html
–Message in Code Hints NetSky Author Responsible for Sasser
(4/3 May 2004)
A message hidden in the code of NetSky.AC suggests that the author of that worm is also responsible for Sasser. "The message is attributed to 'the SkyNet' a virus-writing group that also claimed responsibility for other NetSky variants." In addition, NetSky and Sasser call the same set of functions in the same order, suggesting the existence of a private code library.
http://www.computerworld.com/printthis/2004/0,4814,92871,00.html
http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39177957-39001150t-39000005c