The FBI report on Jeffrey Lee Parson (t33kid, who tweaked the Blaster worm into his own variant) is a really good read, as noted on MeFi. For me, there were three very interesting things in there.
1. IANAL, but it's the FBI, so doesn't that mean it's a crime against the United States? I ask only because the crime is not against users -- that is, US citizens -- but rather, as stated in the document, against the Microsoft Corporation. Well, ok, "aggregate loss to Microsoft and other persons," but since when was Microsoft a person? With the FBI fighting for it? This is not a rhetorical question. I'm really curious how it works.
2. The back door that Parson's variant of Blaster installs is called "Lithium." Lithium, notes Special Agent Farquhar, gives the attacker remote control of the infected system.
3. The original Blaster was ingeniously conceived and produced. White-hat (?) hackers at LSD (the Last Stage of Delirium Research Group) reported the RPC DCOM vulnerability (MS03-026) to Microsoft. Microsoft responded by issuing a patch. It was the China-based XFocus (whose hats seem to be darker) that then reverse-engineered the patch to find out what it was fixing, and published exploit code for that vulnerability.
Essentially, the worm's distribution system was racing Microsoft's. So the lessons may not simply be about security, but also about distribution systems, because what Blaster was doing while it raced Microsoft was specifically trying to shut Microsoft's distribution system down, through a DDoS attack on windowsupdate.com. (The worm hard-coded the hostname windowsupdate.com, a redirect alias, rather than windowsupdate.microsoft.com, which the update client actually used; Microsoft simply retired the alias's DNS entry before the flood began.) It was an interesting race and I'd say -- if we're using binary -- it's China 1, Microsoft 0.

Posted by kevin slavin at September 02, 2003 07:33 PM