Sophos warns of countries sending out mixed message to criminal hackers

August 26, 2005 Sophos Press Release

A US hacker who took remote control of zombie computers to launch a distributed denial-of-service attack has received a five-year sentence.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned that different countries' approach to sentencing hackers and virus writers is sending out a dangerous message to future potential criminals.

On 12 August, US teenager Jasmine Singh was sentenced to five years juvenile detention for launching distributed denial-of-service (DDoS) attacks against online sportswear retailers that cost the companies more than $1.5 million. Singh used a virus to infect and control innocent computers around the world, forcing them to bombard the websites with data to blast them offline. The US authorities determined that Singh had been hired by rival website owner Jason Arabo, an 18-year-old from Michigan, to launch the attacks.

"Singh's detention has to be welcomed, and it sends out a strong message to other young people not to engage in this kind of criminal activity," said Graham Cluley, senior technology consultant for Sophos. "However, there is a danger that different countries are sending out a mixed message regarding cybercrime. Earlier this year the German teenage author of the hard-hitting Sasser and Netsky worms which affected thousands of businesses worldwide received a punishment of only 30 hours community service. There's a danger that unless all countries agree to act tough against hackers they will only cause the problem to become worse."

In 2001, Sophos revealed that the author of the infamous Anna Kournikova worm had escaped with a sentence of just 150 hours community service, whereas a year later David L Smith, creator of the Melissa worm, was sent to jail for 20 months.

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 50 percent of all spam today originates from zombie computers. In May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect and hijack computers around the world, programming them to spew out German nationalistic spam during an election.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.

Sophos continues to recommend that computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution that defends against the threat of spyware, spam and viruses.