I don't think I made my point very clearly. The guy they arrested today deserves EVERYTHING he gets and maybe more. I think the point I was making is they haven't caught the true culprit behind Blaster worm just some script kiddie who modified the existing code and tested it in a public place. We aren't talking about the sharpest tool in the shed. - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, August 29, 2003 8:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT: Loser found responsible for worm http://www.ISAserver.org The guy I want is all jackasses that propagate any such code; original or not. The code started with a group (name withheld by request) that spent weeks trying to prove a theory. What they did was deliver proof-of-concept code to MS as part of the security advisory. Once the details of the vulnerability were known, reverse-engineering it to code is fairly trivial for some conversant with that part of Windows. Yes, if this kid actually created and delivered Blaster.B, then let's make him taller. If we can find the jerk(s) that created the A, C, D and E versions, lets recover the oxygen they stole as well. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Bailey, Matthew" <MBailey@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, August 29, 2003 07:54 Subject: [isalist] RE: OT: Loser found responsible for worm http://www.ISAserver.org Fair enough but still not cause to celebrate too much. The guy I want is the SoBig author. - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Bill Kuhn - MCSE [mailto:bkuhn@xxxxxxxxxxxxx] Sent: Friday, August 29, 2003 7:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT: Loser found responsible for worm http://www.ISAserver.org Analogy - He was the second guy in line to gang-rape the girl. -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Friday, August 29, 2003 9:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT: Loser found responsible for worm http://www.ISAserver.org While I would love to see a public lynching, this kiddie was not truly responsible for the Blaster worm. The article reads: "The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that first struck two days earlier; experts said the author made few changes, renaming the infecting-file from "msblast" to an anatomical reference." This kid only took the original code and modified it. He should still be prosectuted but he isn't the person that wrote the original. - Matt ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')