FBI arrests MSBlast worm suspect

Federal law enforcement officials confirmed on Friday that they have arrested a suspect in the MSBlast worm attack that compromised hundreds of thousands of computers earlier this month.

US Attorney John McKay of Seattle said 18-year-old Jeffrey Lee Parson of Minneapolis was arrested and charged with one count of intentionally damaging a protected computer.

Parson allegedly created MSBlast.B, a variation that differed from the original worm mainly in that two files had been renamed -- one with Parson's screen name, "teekid" -- and a couple of profane messages aimed at Microsoft and Bill Gates had been added. The B variant achieved only modest distribution in comparison to the original worm and the recent D variant.

McKay said the B variant was a significant part of the continuing spread of the so-called Blaster worm. "We believe he is a key and significant player in the Blaster worm problem and that his arrest is a significant step forward," McKay said during a news conference. "This was a significant attack not only against Microsoft but against thousands of home computer owners and business computer owners."

The MSBlast worm attacks computers that are equipped with Microsoft's Windows software via a flaw in some versions of the operating system. Microsoft had issued warnings about the dangers of the flaw on July 16. The worm, also known as W32/Blaster and W32.Lovsan, began spreading on 11 August.

In the first 24 hours, MSBlast turned up on an estimated 120,000 computers around the world, despite what was seen as relatively crude programming. The worm was able to spread rapidly, because many home Windows users and corporate information technology departments had yet to implement a patch made available by Microsoft in July.

FBI agents arrested Parson at his home early Friday morning, McKay said, and he appeared before a judge in the US District Court for Minnesota a few hours later. McKay said Parson was released under house arrest, with the condition that he not access the Internet. He faces possible penalties of 10 years in prison and $250,000 (£158,052) in fines if convicted.

The B variant infected at least 7,000 computers and caused damage to Microsoft computers that "significantly exceeds $5,000," according to the complaint. McKay disputed suggestions that the figures indicate Parson was a minor player in the overall Blaster problem, saying the complaint cites a deliberately limited estimate. "We're not prepared today to quantify what that harm is, but it's substantial," he said.

According to the complaint, FBI agents traced traffic the Blaster worm generated back to a Web site of a similar name to Parson's online alias. The site allegedly had source code for other worms, including one designed to spread via file-sharing networks.

Agents were able to trace the site back to Parson using a public database, according to the complaint. "I wouldn't characterise the work as being easy," McKay said, but "he obviously left clues."

Agents searched Parson's home last week, according to the complaint, seized seven computers and obtained a confession from Parson. "Parson admitted modifying the Blaster worm and creating the variant," according to the complaint. "Parson also admitted that he renamed the original 'MSBlast.exe' executable 'teekids.exe' after his online name 'teekid.'"

Neighbours interviewed by the Associated Press described Parson as a big kid who drove too fast, changed his hair colour often and spent a lot of time on his computers. Neighbour Curtis Mackey said the allegations surprise him. "I didn't think he had the smarts for it myself," he told the news service. "The profile kind of fits. He kind of liked to be alone a lot."

Earlier this week, FBI Director Robert Mueller said his agency was working alongside the US Department of Homeland Security and with state and local law enforcement offices to track down suspects.

Security software companies lauded the government's increased effort to bring virus writers to justice. Craig Schmugar, research engineer at Network Associates, said the FBI and other law enforcement groups have clearly been placing greater emphasis on pursuing hackers and other Internet criminals.

"This arrest sends a message to other people who might try to create new variants of existing viruses," Schmugar said. "This sort of thing isn't going to go unpunished anymore."

Schmugar said he was not surprised that the suspect is a teenager, as that would fit the industry profile of the average virus writer. According to demographics collected by Network Associates, virus activity tends to increase when school is in session and wane during the summer vacation months.

"But this was the summer from hell," Schmugar said.

Talkback

I WORK FOR THE STATE OF CA EMPLOYMENT DEVELOPMENT DEPARTMENT IN THE UNEMPLOYMENT BENEFIT SECTION AND THIS VIRUS HAD US OUT OF COMMISSION FOR 2 STRAIGHT DAYS, CAUSING EMPLOYEES STRESS AND CLMT'S STRESS. I THINK THAT 10 YEARS IS NOT ENOUGH TIME IN COMPARISON TO THE COST THAT THE STATE OF CA HAD TO ENDURE AND EMPLOYEE STRESS AND THE PUBLIC.

via Facebook 2 September, 2003 13:39