http://www.startribune.com/stories/789/4923066.html Randy Furst Star Tribune August 12, 2004 After months of negotiations between prosecutors and defense attorneys, a 19-year-old Hopkins man pleaded guilty Wednesday in U.S. District Court in Seattle to releasing a widely publicized Internet virus. But the plea agreement set the stage for what may be a larger legal battle on how much damage the virus did and whether Microsoft Corp. should shoulder some of the blame. Assistant U.S. Attorney Annette Hayes said she would ask for restitution in the millions of dollars for the "Blaster" worm that Jeffrey Parson sent out over the Internet last August. But defense attorneys maintain that Parson's virus caused far less damage than prosecutors contend. Under the agreement, he agreed to a prison sentence of between 1½ years and three years and one month. The 10-page memorandum lays out his admissions in the case, but it is apparent that major facts remain in dispute. The amount of restitution ordered could affect how much time he serves. Although federal law allows a judge to order restitution of more than $1 million, it does not necessarily mean that Parson, who lives with his parents in Hopkins, can pay it. "He works at a minimum-wage job," and he pays rent to his parents, said his lawyer, Carol Koller, assistant public defender. Prosecutor Hayes said she had not determined how long a sentence she will ask for within the perimeters of Parson's plea agreement. Either side can pull out of the agreement if it does not agree with the sentence imposed by U.S. District Judge Marsha J. Pechman, who presided at Wednesday's hearing. Parson was a senior at Hopkins High School when he was arrested. He has since graduated. Issues remain Sentencing was set for Nov. 12 when both sides are expected to lay out their sharply divergent views to Pechman. "There are two issues that remain open," Hayes said in a telephone interview. "How many computers were infected and how much damage that caused. "The government's position is that there were more than 48,000 computers that were infected by Parson's version of the MS Blaster worm. The government's position is that the Blaster worm in all its variants caused millions and millions in damage, both to individual computers and Microsoft, but in particular, Parson's version of the worm caused well more than $1 million dollars in damages." However, Koller said she disagrees. "We contest that," she said. "We ... believe that damage figures are far lower." She also challenged the claim that Parson is responsible for the large sum of money Microsoft spent to prevent its Web site from being disabled by Parson's virus. "One of the ... issues is how much Microsoft did in reaction to the Blaster worm they would have had to do anyway, even had there never been a Blaster worm," Koller said. "They had released a product that was vulnerable." Lou Gellos, a spokesman for Microsoft in Redmond, Wash., said Wednesday that he did not know how much damage Parson's version of the Blaster virus caused the company. "The prosecutor's office is working with our people at Microsoft on what those damages are," he said, "and this is a figure that will come out at sentencing." He said he also did not know how many e-mails Parson's virus generated in its attack. "It wasn't just Microsoft," he said. "It was a worm that infected many people's computers throughout the world." Parson's role According to court documents, Parson learned about a virus called the MS Blaster worm, which was designed to spread randomly and infect computers with a code that directed them to launch an attack on a Microsoft Web site called windowsupdate.com. The object would be to clog the site, causing people to get a notification denying them access. Parson obtained a new version of the worm, which came to be known by various names, including the "B" or "teekids" variant. It contained some "back-door software" that would allow him access to computers he infected at a later time. On Aug. 12, 2003, he transmitted the virus to 50 computers. It spread later to more computers, but just how many is in dispute. Those computers then launched their attack on Microsoft's Web site on Aug. 16. The worm, however, did not succeed in shutting down the Web site. Microsoft responded to the attack, and the plea agreement says the losses to Microsoft and the infected computers are at least $5,000. Koller, the public defender, said "everybody agrees" that the original Blaster worm did far more damage than Parson's version. Part of the issue will be how much of it can be laid at Parson's feet. It is not clear where he will serve his sentence. "We believe he would be eligible for placement in a federal prison camp," said Koller. Such camps are considered lower-security prisons. At the hearing, Pechman removed Parson from electronic home monitoring before his sentencing. He can leave home only to go to work, or to doctor's appointments, or if he gets permission from a pretrial services officer. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Thu Aug 12 2004 - 02:46:22 PDT