|
| David L Smith pleaded guilty to his involvement
in creating and spreading the Melissa virus |
Computer programmer David L. Smith pleaded guilty on Thursday
December 9th 1999 in USA courts for his role in creating and
distributing the Melissa macro virus.
Smith, 31, released the Melissa virus in March 1999 by
deliberately posting an infected document to an alt.sex usenet
newsgroup from a stolen AOL account. The virus, believed to be
named after a stripper Smith had known in Florida, forwards itself
to the first 50 addresses in all of your accessible Outlook address
books. It also occasionally corrupts documents by inserting the
text 'twenty-two, plus triple-word-score, plus fifty points for
using all my letters. Game's over. I'm outta here.'.
According to ZDNet companies such as Microsoft, Intel, Lockheed
Martin, and Lucent Technologies were forced to shut down their
email gateways because of the large amount of email the virus was
generating.
Smith appeared at Monmouth County Superior Court, New Jersey,
and pleaded guilty to one count of computer theft in the second
degree.
Smith also appeared in the Newark US District Court where he
pleaded guilty to one federal count of computer fraud and abuse. He
acknowledged in his federal plea agreement that the Melissa virus
caused more than $80 million in damage to North American
businesses.
"I did not expect or anticipate the amount of damage that took
place. When I posted the virus, I expected that any financial
injury would be minor and incidental," Smith told Judge John
Ricciardi of Monmouth County Superior Court, "In fact, I included
features designed to prevent substantial damage... I had no idea
there would be such profound consequences to others."
When Judge Ricciardi asked Smith whether he agreed that
deliberately releasing the virus on the net did result in those
consequences, he replied, "I certainly agree. It did result in
those consequences."
David L. Smith's state court sentencing is scheduled for
February 18, 2000, with federal court sentencing planned for May
15th 2000. He faces a maximum sentence of 10 years in jail, and a
possible fine total of $400,000.
"A very clear message needs to go out to virus writers," said
Graham Cluley, senior technology consultant for Sophos Anti-Virus,
"Spreading viruses can result in substantial financial damage. The
authorities are prepared to investigate people deliberately
spreading viruses and bring them to justice. It's time for people
to grow up and start acting as responsible members of the
electronic community."
Smith is not the first virus writer to be punished by the
authorities. On November 15 1995, Christopher Pile (alias "The
Black Baron") appeared for sentencing for eleven offences under the
Sections 2 and 3 of the Computer Misuse Act at Exeter Crown Court,
England. Pile had already pleaded guilty to all charges and was
sentenced to eighteen months in prison.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.