Officials look to unearth Internet worm writers
Date: August 22, 2003
SAN FRANCISCO/LONDON: They write menacing software with names like "Blaster," "Welchia" and "Sobig" that worm around the Internet leaving destruction in their path, and on Thursday detectives and computer security firms were hot on their trail.
Computer virus writers have unleashed an unprecedented outbreak of computer worms this past week and while finding them will not be easy, experts generally believe they are ego-filled computing geeks out to impress others.
"Every major law enforcement agency is looking into this. At the end of the day, we want to prosecute," said a cyber crime investigator at the UK's National Hi-Tech Crime Unit, who asked to remain anonymous.
In the past two weeks, major computer infestations by Blaster, also called "LovSan," and Welchia, also dubbed "Nachi," have crawled through holes in computers using Microsoft Corp.'s Windows operating system. A third worm, Sobig.F worm, has spread via Microsoft e-mail programs.
The result is that hundreds of thousands of PCs worldwide have crashed and many computer networks have slowed to a crawl.
The full economic impact of this recent infestation may never be known, but the growing list of victims includes the US Navy and Air Canada. Experts are calling this recent computer infestation, the most damaging worm outbreak yet.
To catch the suspects, investigators are piecing together suspect profiles from strings of computer code to try to trace their destination through a maze of Internet addresses.
This new group of worms is believed to be the work of different parties. The most perplexing may be the author of Welchia, a worm that tries to stop the Blaster worm.
Welchia is the brainchild of either a misguided digital do-gooder or an ego-driven programmer, which is the typical virus writer, computer security experts said on Thursday.
"Any kind of worm that intrudes upon your PC is not good," said America Online spokesman Nicholas Graham.
The Welchia worm arguably does more damage than Blaster, which merely crashes systems. In its zeal to find computers that are infected with Blaster, Welchia is conducting a lot of Internet scanning that paralyzes and slows many computing networks.
Welchia's creator is believed to be from China because in the code are Chinese words and names. The author also includes a phrase saying it was created for a good cause, said Jimmy Kuo of anti-virus vendor Network Associates Inc.
Blaster is thought to have begun in an English-speaking country because of the impeccable English in the software code, said Mikko Hypponen of anti-virus company F-Secure of Finland.
The reference to "San," (in Blaster's other name, LovSan) possibly short for "Sandy," could be the handiwork of a male virus writer looking to impress a girl, he said.
Virus writing "gives underworld cachet to what is otherwise a pretty geeky existence," said David Perry, global director of education for Tokyo-based anti-virus provider Trend Micro. "To impress a girl ... you go out and write a computer virus."
Last year, police tracked down convicted Welsh virus writer Simon Valler after he named his friends and included comments about Wales in the text of his computer virus, dubbed GoKar, investigators said.
Original article at: http://economictimes.indiatimes.com
^macro[showdigestcomments;^uri;Officials look to unearth Internet worm writers]