According to US media reports, the FBI is expected to arrest a
man today in connection with one of the various variants of the W32/Blaster
internet worm.
The 18-year-old man was reportedly seen by a witness testing his
virus, based on the original W32/Blaster-A worm. The
witness subsequently contacted the authorities, according to John
Hartingh, a spokesman for the US Attorney in Seattle. The suspect
is believed to have already been questioned by authorities and is
under surveillance. He is not believed to be from Washington.
"A clear message needs to go out to all of those who think
distributing and writing viruses is 'cool' or 'harmless fun'. Once
a virus has been released on the internet it can never be taken
back, it is no longer under anybody's control and can be very
damaging," said Graham Cluley, senior technology consultant at
Sophos Anti-Virus. "It has not taken the FBI long to act in this
case, which is a strong indication that law enforcement authorities
worldwide are getting better at chasing and capturing
cyber-criminals."
The first variant of the Blaster worm, W32/Blaster-B, is
functionally equivalent to its predecessor but creates a file
called teekids.exe rather than msblast.exe in the Windows system
folder. It also creates a different registry entry and includes
some offensive text (which does not get displayed) directed towards
Microsoft, Bill Gates, and the anti-virus industry.
United States Attorney John McKay has announced that a press
conference will be held at 13:30 PST today at the US Attorney's
Office in Seattle, Washington to present more information on the
investigation. He will be joined by FBI Acting Special Agent in
Charge R. Scott Crabtree, and United States Secret Service Special
Agent in Charge Wallace Shields.
In January 2003, a British virus writer was sentenced to two years in
jail for distributing a number of viruses he had written.
Update:Blaster worm suspect
arrested and named - computers seized in Minnesota
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.