Investigators Zeroing in on Sobig Source

Washington Post ^ | Aug. 22, 2003 | Brian Krebs

[FairOpinion]

FBI and Department of Homeland Security investigators have tracked the source of the fast-moving Sobig virus and are working with Internet service providers to try to stop the next phase in the virus's attack, which was expected to begin at 3 p.m. Eastern Time Friday afternoon.

The FBI has served a grand jury subpoena on Easynews.com, a Phoenix-based Internet service provider that provides access to "Usenet," a worldwide online bulletin board system.

According to a source with knowledge of the investigation's focus, the person or persons who released the latest version of Sobig used an Easynews.com account to release the virus onto the Internet. The account was paid for with a stolen credit card number and established minutes before the virus was released on the Internet on Monday, the source said.

The account was established from a computer in British Columbia, which experts said belongs to an unwitting home user whose computer appeared to be infected by a previous version of the virus. That version allowed the virus author to seize control of the computer.

The virus author is thought to have released Sobig over the Usenet system, disguising it as a pornographic photograph in an adult news group, according to a person with knowledge of the investigation. Anyone who clicked on the fake photo had their PC infected with the virus, which then began to e-mail itself to every address on the infected computer's e-mail address book.

Easynews.com co-owner Michael Minor said the company is cooperating with the FBI investigation.

[FairOpinion]

I hope they get the guy, although, as they say, it's not very likely.

[lelio]

The virus author is thought to have released Sobig over the Usenet system, disguising it as a pornographic photograph in an adult news group

And millions of people go "Oh !*!@#O!@"

[TheBattman]

The virus author is thought to have released Sobig over the Usenet system, disguising it as a pornographic photograph in an adult news group, according to a person with knowledge of the investigation. Anyone who clicked on the fake photo had their PC infected with the virus,

Somehow, this almost seems like poetic justice.... too bad the worm causes havoc to otherwise innocent people too.

[proxy_user]

Stolen credit card, hacked non-logging proxy!

1 in 1,000,000 chance of ever finding out.

Most Usenet users who go to those kinds of groups are loaded up with firewalls and virus-scanners. Comes with the territory. Must have been a newbie.

[demnomo]

I hope they catch the jerk, too.

Why does this article conjure up visions of the scene from "War Games" wherein Matthew Brodderick's character gets cornered in the 7-11 parking lot? I know it's not that easy or pat. Somehow, I doubt if this virus was caused by a fifteen-year-old kid having some fun at Bill Gates expense.

Of course, if the perp's full name has a Mohammad somewhere in it, I'm calling my tinfoil milliner, ASAP.

[Prodigal Son]

Let's say they caught this fella. What could they do to him? I mean, what sort of punishment do they hand out for this sort of thing?

[MattAMiller]

I'd be interested to know what newsgroup that was. It might be revealing.

[Ronin]

I doubt it. This takes more brains.

[Frapster]

I heard they caught the person who did this. An 18 year old kid? Anyone have a link to a current article as I can't find one.