Wed 27 August 2003 08:56AM BST

FBI confident of catching Sobig.F author
Not wishing to hurry you Mr FBI-man, but it would be good to do it before Sobig.G comes along...

The FBI is confident that it will capture those who are responsible for creating and spreading the MSBlast worm and the Sobig.F virus.

Companies and home computer users have had to deal with the MSBlast worm - also known as Blaster and Lovsan - which started spreading 11 August, a worm that attempted to plug the hole exploited by the MSBlast worm; and the Sobig.F virus, which spread through email attachments opened by unsuspecting people.

FBI Director Robert Mueller said in a statement: We are working with the Department of Homeland Security and with state and local law enforcement on our Cyber Task Forces to track down the perpetrators of Sobig and the recent W32/Blaster worm. We employ the latest technology and code analysis to direct us to potential sources, and I am confident that we will find the culprits.

The FBI subpoenaed Arizona internet provider Easynews.com a week ago, looking for more information about a person who posted the Sobig.F virus to several porn newsgroups. Easynews didn't answer interview requests but released a statement last Friday.

Michael Minor, chief technology officer of Easynews, said in the statement: It appears the account was created with a stolen credit card for the sole purpose of uploading the virus to the Usenet network.

The FBI has its work cut out. The agency has caught only a handful of suspected virus writers, usually because the suspects left a digital trail back to their PCs or talked about the attack after the fact. The person who wrote the Melissa virus, David L. Smith, was nabbed because he released the virus using a stolen America Online account that he connected to using his home computer. The author of the Anna Kournikova virus admitted to releasing that program after creating it with a point-and-click toolkit.

While finding clues on the internet may be more difficult than finding a needle in the proverbial haystack, high-profile cases may generate their own leads because of the amount of scrutiny that the Internet security community brings to bear, said Steve Trilling, senior director of research for security firm Symantec.

Historically, we have seen that the cases that have done the most damage have received the most scrutiny, he said. And Sobig has certainly caused a great deal of damage.


Robert Lemos writes for News.com

ZD Net

Silicon.com