Update: Teenager arrested in Blaster case
Suspect allegedly modified original worm
Follow @infoworldBOSTON - A Minnesota teenager appeared in federal court in St. Paul Friday to face charges stemming from the release of a variant of the virulent W32.Blaster Internet worm that ravaged computer systems worldwide earlier this month.
Jeffrey Lee Parson, 18, of Hopkins, Minnesota, was arrested by federal law enforcement Friday morning, according to U.S. Federal Bureau of Investigation (FBI) spokesman Bill Murray.
He appeared before federal magistrate Judge Susan Richard Nelson at 2 p.m. CDT Friday at the James R. Dougan Federal Building in St. Paul, Minnesota, according to Deputy Clerk Mike Chutich.
Parson was tracked down by a joint federal task force that involved members of the FBI and U.S. Secret Service, Murray said.
According to a complaint filed at the court, Parson will face one count of intentionally causing or attempting to cause damage to a protected computer in connection with the release of W32.Blaster-B, a variant of the original W32.Blaster-A worm.
That variant appeared on August 14, three days after Blaster-A first appeared, and was nearly identical to the original blaster worm. However, Blaster-B used a different file name, teekids.exe, as opposed to msblast.exe, according to antivirus company Sophos PLC.
Teekid was also an online handle used by Parson, according to the complaint, which was filed in the Western District of Washington in Seattle, according to Chutich.
The 10-page complaint lays out Parson's role in modifying the original Blaster worm and releasing the Blaster-B variant, as well as the process law enforcement used to track the virus back to Parson.
The FBI and the U.S. Attorney's Office scheduled a press conference for Friday afternoon regarding the worm, according to U.S. Attorney John Hartingh in the U.S. Attorney's Office for the Western District of Washington in Seattle.
Further details about the case will be presented then, Hartingh said.
A copy of the complaint obtained by IDG News Service indicates that federal law enforcement first got on the trail of Blaster-B's author by tracking down ownership of an Internet domain, www.t33kid.com, that the Blaster-B worm used to download instructions and report on infected hosts.
That chase led from a San Diego, California, Web wholesale Internet services provider, California Regional Internet Inc., to a small Web hosting provider in Watauga, Texas and, from there, to ISP Time Warner Cable, which provided Parson's father's home broadband account in Minnesota.
Time Warner provided the FBI with the location of Parson's home in Hopkins and federal agents raided that home on August 19, seizing seven computers from the house, according to the complaint.
The results of a forensic analysis of those computers are still pending, but the complaint says that during an interview that day, Parson admitted to modifying the Blaster worm and creating the Blaster-B worm variant, naming it "teekids.exe" after his online name.
Parson further admitted to outfitting the new worm with a backdoor Trojan program, named "Lithium" so that he could reconnect to infected computers.
Blaster-A first appeared on August 11 and exploited a widespread vulnerability in Microsoft Corp.'s Windows operating system.
