Linked by David Adams on Tue 12th Jul 2005 15:39 UTC, submitted by Ryan
Bugs & Viruses
Microsoft has paid two unnamed informers $250,000 for help in tracking down the author of the Sasser worm. The Sasser worm infected over 18 million computers worldwide within its first week in the wild, costing businesses estimated millions.
They did not however pay the..
by Anonymous on Tue 12th Jul 2005 15:46 UTC
Anonymous
Member since:
---

...$1,000,000 reward which emphasized bringing the author in on a roasting spit."


too bad.

Reply Score: 0

JT
by Anonymous on Tue 12th Jul 2005 15:49 UTC
Anonymous
Member since:
---

didn't read the article...been there done that but

the question is - How did they know where to point the finger?

and are they going to share with their friend who put sasser together?

I think the sasser guy should be compensated for showing how insecure all those networks were...

JT
(first post)

Reply Score: 0

It would be nice...
by Anonymous on Tue 12th Jul 2005 15:51 UTC
Anonymous
Member since:
---

if they would admit their track record on security is due to design. I guess it is easier to blame the worm authors than for Microsoft to accept responsibility for designing a system so easily compromised. (http://www.realtechnews.com/posts/1511)

Reply Score: 0

I wish
by JrezIN on Tue 12th Jul 2005 15:53 UTC
JrezIN
Member since:
2005-06-29

I wish I knew this guy... =-]

But seriously... I hope they expend this kind of money contracting people to hack and hack-proof their products.

Reply Score: 1

Responsibility
by StephenBeDoper on Tue 12th Jul 2005 16:21 UTC
StephenBeDoper
Member since:
2005-07-06

"if they would admit their track record on security is due to design. I guess it is easier to blame the worm authors than for Microsoft to accept responsibility for designing a system so easily compromised."

Microsoft is arguably negligent for allowing it to occur, but the blame for the worms themselves should be placed solely on those who wrote and released them.

Reply Score: 3

RE: Responsibility
by ma_d on Tue 12th Jul 2005 16:32 UTC in reply to "Responsibility"
ma_d Member since:
2005-06-29

No, that's not a fair assessment.
The fact is, Microsoft released the patch before Sasser: It wasn't Microsoft's fault like it was with blaster.

I frankly blame most of the people who didn't run updates. Not that everyone should have had their updates run already, but I think that before Sasser hit a good 15% of machines should have been updated; and within a week 100% should have been: That would have really brought the damages waaaay down.

But businesses all have so many self-inflicted barriers to running updates. And home users are just too stinkin lazy.

Reply Score: 3

RE[2]: Responsibility
by Anonymous on Tue 12th Jul 2005 20:49 UTC in reply to "RE: Responsibility"
Anonymous Member since:
---

"frankly blame most of the people who didn't run updates. Not that everyone should have had their updates run already, but I think that before Sasser hit a good 15% of machines should have been updated; and within a week 100% should have been: That would have really brought the damages waaaay down."

From what I read, they were afraid that it will break their MS SQL if they apply the said patch. And that it did happen before. So now we're back to MS's poor OS design.

Reply Score: 0

and so it begins.
by JohnMG on Tue 12th Jul 2005 16:42 UTC
JohnMG
Member since:
2005-07-06

Very nice. :|

Reply Score: 1

janedoe
Member since:
2005-07-12

...which is kind of unfortunate.

Although I don't like Microsoft it's not fair to say that _any_ virus is their own fault. Sure, some of the blame lies with them, after all they're the ones making some very stupid decisions (see: many holes in IE*).

However, IMHO anyone who writes a virus that gets out into the wild (and whoever released the thing) should be hung out to dry.

Microsoft is just making it easier, not making it happen.

* I have no idea how sasser spreads itself. I haven't looked into it. That was just an example.

Reply Score: 1

v RE: Responsibility
by Anonymous on Tue 12th Jul 2005 17:28 UTC
"costing businesses millions"
by Anonymous on Tue 12th Jul 2005 17:30 UTC
Anonymous
Member since:
---

I'd like to know, after the worm "cost them millions" which businesses STILL HELD TO THE SAME PRACTICES OF "NEVER UPDATE". Probably nearly all of them.

Reply Score: 0

v Blame
by Anonymous on Tue 12th Jul 2005 17:31 UTC
ugh
by speel on Tue 12th Jul 2005 18:31 UTC
speel
Member since:
2005-07-11

damn snitches!

Reply Score: 1

v Bounties
by Anonymous on Tue 12th Jul 2005 18:41 UTC
Glad to hear it
by Anonymous on Tue 12th Jul 2005 18:50 UTC
Anonymous
Member since:
---

I remember the sasser fire drills. And let's not forget the 14min compromised time on new windows installs.
Script kiddies beware

Reply Score: 0

Suspended Sentence
by Anonymous on Tue 12th Jul 2005 19:05 UTC
Anonymous
Member since:
---

The Sasser worm author received a suspended sentence from a German court last week. He must perform 30 hours of community service work (less than the standard work week) and will not be required to pay court costs or restitution. So if you want to write viruses without fear of reprisal, move to Germany.

Reply Score: 0

RE: Suspended Sentence
by Anonymous on Wed 13th Jul 2005 08:14 UTC in reply to "Suspended Sentence"
Anonymous Member since:
---

Not a correct assessment. The reason why he received the sentence he did is because companies knew how to protect themselves, and did not.

Put this into a context of real life. Let's say that it is possible to break into a car because an electronic car key is faulty and issues an immediate recall. However, you ignore the recall and keep driving and a person breaks into your car then the insurance companies will say it is your fault. It is like leaving a key in your car, with the doors open. No insurance company will insure your losses.

From what I gathered the judges used this logic when applying punishment for the virus writer.

Reply Score: 0

Job
by Anonymous on Tue 12th Jul 2005 19:07 UTC
Anonymous
Member since:
---

Police: Why did you do it?
Jaschan: Needed a job
Police: You could have just applied like everyone else
Jaschan: I did. They said I lacked experience.
Police: Did you try again?
Jaschan: Why bother. I had tried so many times to get a job with so many different companies I gave up. Got tired of hearing I didn't have enough experience.
Police: So you wrote Sasser?
Jaschan: yep
Police: to get back at them?
Jaschan: no
Police: then why?
Jaschan: I figured they'd hire me if I showed them what I could do
Police: OK. We'll make a deal with you. You stop writing this stuff and start writing for us. Deal?
Jaschan: Deal
Police: 120K a year to start OK?
Jaschan: That will be fine.

The only way some of these people can get a job is to do stuff like this. Surest way to lifetime job security you know. lol.

Reply Score: 1

RE: Job
by Moocha on Tue 12th Jul 2005 20:09 UTC in reply to "Job"
Moocha Member since:
2005-07-06

Except nobody outside the snake oi^H^H^H^H^H^H^Hecurity software business will hire malware authors knowingly, and especially not expressly because they released malware, and least of all will a public institution do that.

Reply Score: 1

RE[2]: Job
by Anonymous on Tue 12th Jul 2005 21:09 UTC in reply to "RE: Job"
Anonymous Member since:
---

snake oil software business?
"... currently works for a German security software firm named Securepoint, which protects systems against worms and viruses. "

didn't know they sold snake oil... been looking for some of that!

Strange that I have seen numerous people have the malformed webpage that freezes your computer on their website to show the exploit and they haven't been hunted down and arrested... as well as other "look at what happens when" kind of stuff.... He didn't spy on you, he didn't destroy data, he didn't cause you to be stoned.... he showed you a hole in your operating system....

Reply Score: 0

JT
by Anonymous on Tue 12th Jul 2005 20:04 UTC
Anonymous
Member since:
---

yea I wish I could blame the guy a bit more but he honestly didn't write anything horrible, in fact wasn't he the one who claimed he originally wrote it to remove some other exploit or something....

There was an exploit and this guy simply wrote something that showed how bad of a hole was wide open... Yes, he could have done it in a nicer way but then M$ would have evaluated the impact for a year or more...

I just think this caught people with their pants down so they wanted him fried....pitiful really


I still think him and his friends made sure to claim the reward and make sure he got caught before he turned 18...

I wonder what Mitnick thinks when he hears people getting community service and crap for this stuff.....

Reply Score: 0

way to go ms!:)
by Anonymous on Tue 12th Jul 2005 20:09 UTC
Anonymous
Member since:
---

I don't blame Microsoft, neither the sasser guy... I frankly blame the people for using such insecure products as operating system... I mean, if you have very important data on your PC it's quite stupid to use Windows...

Reply Score: 0

finally...
by Anonymous on Wed 13th Jul 2005 04:43 UTC
Anonymous
Member since:
---

it's about time this issue is taken seriously and virus writers aren't treated lightly by our justice system. I kind of like the bounty hunting of virus writers so thumbs up for catching them this way. MS didn't think of viruses back then because there was no internet and not many viruses unless they made it to dev's box or spread thru sharing floppy disks around. Then after that it was too late to change the os from the ground up because of already existing huge user base that would be ticked off. Not to mention all the bounds checking sucking up resources that we didn't have back then. It's easy to criticize the past like in the case where we asked why not C++ back in 80's. Well, because runtime was too inefficient for hw of that period. No Java back then even if it was possible to conceive it.

Reply Score: 0

What a crock of shit
by Anonymous on Wed 13th Jul 2005 06:08 UTC
Anonymous
Member since:
---

"From what I read, they were afraid that it will break their MS SQL if they apply the said patch. And that it did happen before. So now we're back to MS's poor OS design."


so none of these companies has a firewall, any routing equipment or anything. They all were just sitting there with their dicks in hand while the networks they administrated accepted RPC connections from any IP address.

Any business that was taken down by sasser had/has fucking morons for an IT department bottom line.

Sure MS has security issues but I'd still fire every motherfucker working in IS if I had a business that went down due to something that was so easy to block.

Reply Score: 0

da truth
by Anonymous on Wed 13th Jul 2005 06:13 UTC
Anonymous
Member since:
---

anyone interested in the truth can read this...

http://radsoft.net/resources/rants/20050707,00.html

Reply Score: 0

I like the Mozilla bounty system better
by Anonymous on Wed 13th Jul 2005 09:45 UTC
Anonymous
Member since:
---

since it is pro-active, rather than reactive.

Reply Score: 0