
AUTHOR:
TerrorismCentral Editorial Staff

TITLE:
TerrorismCentral Newsletter - August 31, 2003

SOURCE:
TerrorismCentral, August 31, 2003

TEXT:

The week began with car bombs in India that killed at least 50 and ended with a car bomb in Iraq that killed at least 95. For highlights of this and other news around the world, see the News Highlights, below. Car bombs will be discussed in next week's Feature Article, but this week focuses on a less deadly attack: the Blaster worm.


CONTENTS:

NEWS HIGHLIGHTS OF THE WEEK:

1. World
2. Africa
3. Americas
4. Asia Pacific
5. Europe
6. Middle East
7. South Asia
8. Cyberterrorism and Information Warfare
9. Finance
10. Human Rights
11. Law and Legal Issues
12. Transportation
13. Weapons of Mass Destruction
14. Recently Published

FEATURE ARTICLE:
Microsoft, Jeffrey Lee Parson, and the Worm

NEWS HIGHLIGHTS OF THE WEEK


1. World

The World Trade Organization has reached an agreement that will provide cheaper drugs to the world's poorest countries. The agreement allows import of generic versions of patented medicines without accusations of patent violations.

The International Ministerial Conference of Landlocked and Transit Developing Countries was held last week. In a week of intensive negotiations, delegates established a framework for cooperation that can help reduce bureaucracy and transportation time and costs. Transport services for landlocked countries consume an average of 15 percent of earnings, more than five times that of developed countries.

North Korea says it must increase its nuclear deterrent as a measure of self-defense. The continued threat follows inconclusive multilateral talks that took place in Beijing and may continue in the future, although North Korea sees no purpose in them. The US continues to review its options, including military means.

A public outpouring of thousands of mourners began a 3-day funeral for murdered Iraqi cleric Ayatollah Mohammed Baqr al-Hakim. There was both grief and anger at his death and the US occupation has been blamed for the increasing lack of security. Ayatollah Hakim was killed in the Kadhimiyah mosque car bomb, immediately after delivering a message of peace and moderation. Members of the Iraqi governing council and governments around the world have warned of a possible alliance of disparate Islamic militant groups fighting a common enemy with Saddam loyalists and, in turn, the growing threat of instability. The increasing threats and growing costs have led the US to ask for international support, but as yet they have made no concessions that would encourage broader participation in the governing coalition.

As doubts over the use of intelligence leading up to the war in Iraq roil, the Observer has found an unpublished article by weapons expert David Kelly, whose death is now under investigation by the Hutton inquiry in the UK. The article says the threat was modest but that only regime change could assure disarmament. For the article and other details see
http://observer.guardian.co.uk/politics/story/0,6903,1032698,00.html
http://observer.guardian.co.uk/politics/story/0,6903,1032773,00.html
http://observer.guardian.co.uk/hutton/0,13845,1027691,00.html


2. Africa

The Southern African Development Community (SADC) has launched a non-binding mutual defense agreement to help prevent conflict. SADC also called for lifting sanctions against Zimbabwe as having a negative impact on the people of Zimbabwe and on the region as a whole.

Burundi marked the third anniversary of the Arusha peace accord, but fighting between rebel groups has continued with few repercussions.

Botswana has installed Mosadi Seboko as its first tribal paramount chief.

Following border clashes, the Central African Republic has requested the revival of the border security commission with Sudan.

In the Democratic Republic of Congo, French peacekeepers have been reinforced with a multinational UN force with a broader security mandate.

Thousands of illegal immigrants, mostly Ethiopians and Somalis, have left Djibouti following a security crackdown incited by US authorities, who are using the country as a strategic base. A Sunday deadline had been imposed for illegal immigrants, who were forced to leave, register for asylum at a refugee camp, or be deported.

The future of Guinea-Bissau is described in "Hopes for the future depend on clean elections" http://www.irinnews.org/print.asp?ReportID=36171

Ivory Coast rebels of the Ivory Coast Patriot Movement (MPCI)/New Forces have killed two French soldiers who were on a peacekeeping patrol. The rebels opened fire in a drunken argument. About 30 people, including several senior army officers, have been arrested for allegedly planning to assassinate President Laurent Gbagbo.

Kenya has lifted the ban on the Mau Mau that had been imposed by British colonial authorities. Their Land and Freedom Army was part independence movement and part civil rebellion, and will now be allowed to register as a society.

Liberia has experienced a serious upsurge in fighting in the northeast, killing large numbers of civilians, forcing thousands to flee, and disrupting relief work. The peacekeeping force of 1,500 Nigerian and 700 other West African troops is large enough only to secure the capital Monrovia. US Marines that had been stationed offshore for 11 days have been withdrawn.

Libya has agreed to compensate relatives of those killed in the 1989 UTA bombing, paving the way for UN sanctions to be lifted. The Gaddafi International Foundation for Charitable Organizations may also pay compensation to victims of the Berlin disco bombing of 1986.

Clashes between rival Muslim groups in Mali have killed at least ten people.

Ethnic fighting in Nigeria's oil-rich Niger Delta has continued, claiming at least ten lives.

Rwandans voted in the first elections since the 1994 genocide. Although there was a degree of government intimidation and fraud, the high turnout of over 96 percent helps mark a significant milestone towards recovery. Incumbent president Paul Kagame won 95 percent of the vote, a result being contested by the opposition.

Somalia's interim constitution has gone through its first reading and negotiations continue. In the self-declared Puntland, authorities freed seven Pakistanis that had been held on suspicion of terrorism after finding the charges were unfounded.

Uganda has accused Sudan of sheltering and arming rebels of the Lord's Resistance Army.

Zimbabwe has ended price controls for fuel, adding increased inflationary pressures.


3. Americas

The UN reports that more than 40 percent of the population of Latin America lives in poverty and projections indicate that, due to lack of growth in gross domestic product, this number will increase.

Argentine judge Rodolfo Canicoba will have to free 40 Argentine officers charged with human rights abuses following a decision by the Spanish government to override the court's extradition of the men to face charges in Spain.

Brazil's record of police violence and corruption has been documented in an Amnesty International report, "Rio de Janeiro 2003: Candelaria and Vigario Geral 10 years on" that finds little has changed on the tenth anniversary of two civilian massacres, in which 621 were killed by police.
http://web.amnesty.org/library/print/ENGAMR190152003

Brazilian government inspectors have freed nearly 850 workers held as slaves on a coffee farm. The crackdown against slave labor has freed more than 2,000 workers so far this year. For more on the status of Brazil's social policy see "Targeting the poor" in The Economist, August 16.

Canada's detention of 19 terrorist suspects is raising legal and political questions in a debate over anti-terrorism legislation. The suspects have been detained without charge and government attorneys have requested this continue because of alleged links to al Qaeda and plans for attacks. This position was contradicted by police statements that they had found no terrorist threat in Canada related to the investigation. Two of the 19 have been released on bail. All face immigration charges and possible deportation.

Escalating the threat, Colombian rebels of the Revolutionary Armed Forces of Colombia (FARC) and National Liberation Army (ELN) have joined forces to defeat the government and have ruled out any peace negotiations. A remote-controlled explosion on a boat has killed seven and injured 38.

Colombian hostage and former presidential candidate Ingrid Betancourt delivered a videotaped message calling for a rescue mission to free her and other hostages held by the FARC. Launching a rescue attempt would be controversial and risky, but there could be a move towards a prisoner release or exchange.

Peru's Truth and Reconciliation Commission has issued its final report after a 2-year investigation into violence during the 20-year war between the government and Shining Path rebels. In nine volumes, the report details testimony of the people affected, and finds that nearly double the previous estimate -- 69,000 people -- were killed or disappeared. Of the 23,900 confirmed dead, 54 percent were killed by Shining Path, 30 percent by security forces, and the remainder presumed killed by civilian militias of the Tupac Amaru Revolutionary Movement (MRTA) guerrillas. Three-quarters of the victims were indigenous Andean Indians. The others who disappeared are presumed dead. For more background see
https://terrorismcentral.com/Newsletters/2003/061503.html

The US General Accounting Office has released another report indicating the need to improve information sharing. This report was based on a survey of federal, state and city officials. http://www.gao.gov/cgi-bin/getrpt?GAO-03-760

In San Francisco, California, two homemade bombs exploded at biotech company Chiron Corp. Animal rights activists are suspected.

The Port Authority of New York and New Jersey has released transcripts of the radio and phone communications received after the September 11 attacks.
http://www.panynj.gov/pr/pressrelease.php3?id=406

The FBI has launched an internal investigation into the lab work performed for the Oklahoma City bombing in 1995.

US authorities are investigating the death of Brian Wells, a Pennsylvania pizza deliveryman who died when a bomb strapped to his chest went off. He was arrested after a bank robbery and told police that he had been forced to rob the bank by someone who had attached the bomb, which detonated before the bomb squad arrived to disarm it.

Venezuela's Supreme Court has appointed a 5-member electoral council that could be a step towards solving the political impasse over the possible referendum on President Hugo Chavez.


4. Asia Pacific

International Crisis Group has published a new report on Jemaah Islamiah including new findings regarding its origins and organizational structure.
http://www.crisisweb.org/projects/showreport.cfm?reportid=1104

Burma's military government has announced a plan to restart a national convention to progress towards elections. There is no timetable for the release of opposition leader Aung San Suu Kyi, amid unconfirmed reports that she has gone on hunger strike.

Cambodian election authorities have confirmed that the ruling Cambodian People's Party has won 73 of the 123 seats in the National Assembly. Short of a majority, negotiations to form a coalition government are under way.

In the Papua province of Indonesia, unrest over a proposed administrative division of the region into three groups has led to attacks and street fighting that have killed four.

Indonesia will be allowed to question terror suspect Hambali who is held in US custody. Australia, Malaysia, the Philippines and Singapore have also asked for access to the suspect.


5. Europe

Corsica has seen a dramatic increase in bomb attacks, including an attack this week using three bombs against a prison, allowing the escape of four inmates. Three unexploded bombs were found after a warning call from a Corsican National Liberation Front (FNC) splinter group. France has promised to increase security.

In southern Russia, near the Caucasus, a series of three nearly simultaneous bus-stop bombs have killed three and injured 17. In Dagestan, a bomb placed on his car killed the information minister.

The Spanish government has overridden the court-issued extradition of 40 suspected Argentinean officers accused of torture and other human rights abuses against Spanish nationals. Unless the extradition proceeds, the Argentine judge will have to free the suspects.

In Northern Ireland, the body of Jean McConville has been discovered, thirty years after she disappeared. She had been taken from her home by an IRA punishment squad and murdered because she comforted an injured British soldier. Others who disappeared remain missing. See http://news.bbc.co.uk/hi/uk_news/northern_ireland/3189437.stm

Sinn Fein has backed a proposal for an inquiry into the 1972 Claudy bombing in which nine people were killed and the bombers were never caught.


6. Middle East

Twenty-five years ago: "Two Weeks at Camp David: There was no love lost between Egypt's Anwar Sadat and Israel's Menachem Begin. But at the very brink of failure, they found a way to reach agreement" is an article by Bob Cullen in the Smithsonian Magazine, September.
http://www.smithsonianmag.si.edu/smithsonian/issues03/sep03/camp_david.html

Iran has called on the UK to release Hadi Soleimanpour, former Ambassador to Argentina, who has been arrested on an Interpol warrant in connection with a 1994 bombing. Iran severed ties with Argentina and has twice summoned the UK charge d'affaires to demand his release and an apology. Iran has denied any connection with the bombing and suggests this is a step to increase pressure over its nuclear program and detention of al Qaeda suspects.

Iran has increased cooperation with the International Atomic Energy Agency (IAEA) but IAEA reports traces of enriched uranium and that they are unable to determine the nature of Iran's nuclear programs.

Two Iranian interrogators have been arrested in connection with the death of Canadian journalist Zara Kazemi.

August 29 was the latest and most devastating of the car bomb attacks in Iraq, devastating the Kadhimiyah mosque that contains the shrine of Imam Ali as well as the neighboring market. In this case, the third in less than a month, at least 95 were killed, including prominent cleric Ayatollah Mohammed Baqr al-Hakim. Iraqi police are investigating and have suggested the explosives used were the same as used in the August 7 Jordanian Embassy bombing and the August 19 bombing of UN headquarters. (The latter also contained Soviet-era munitions.) The car had been parked for as long as 24 hours and was detonated by remote control while religious ceremonies were underway. Ayatollah Hakim may have been deliberately targeted, as a prominent moderate willing to work with occupation forces.

Daily attacks and counterattacks continued throughout Israel and the occupied territories. Hamas vowed vengeance for the four Palestinians killed in an Israeli missile strike on the 24th. They have launched a number of rocket attacks to which Israel has responded with missile strikes that have resulted in dozens of casualties. Israeli undercover troops seized two members of the Al Aqsa Martyrs Brigade from their beds in the intensive care unit in a Nablus hospital. Israeli tanks and bulldozers launched a 2-day raid in the northern Gaza Strip, flattening orchards. On Saturday an Al Aqsa Martyrs Brigade gunman shot dead a Jewish settler in the West Bank. On Sunday, Israeli troops conducted their fifth assassination in the last ten days, an airstrike that killed two Hamas militants travelling in a van, and in a separate incident fired tank shells in the Gaza Strip, killing an 8-year-old girl. Palestinian security forces began to crack down on militants in the Gaza Strip, but Israeli military initiatives and reinforced checkpoints have made such efforts difficult.

Lebanon has received the bodies of two Hezbollah militants, one killed in 1998 and one in 1999, from Israel. This is a step in ongoing negotiations that may later include a prisoner exchange.

Saudi Arabia has signed a trade agreement with the EU and may join the World Trade Organization as early as next year. Saudi Arabia and the US have announced a joint anti-terrorism initiative to combat terrorist financing.

Palestinian leader Yasser Arafat appointed a new national security advisor in a challenge to Prime Minister Abbas and a reminder to the US that he cannot be sidelined. Arafat's call for a ceasefire has been ignored.


7. South Asia

In Afghanistan, a weeklong campaign of bombing and ground attacks by both US Special Operations and Afghan soldiers has killed dozens of alleged Taliban. The fighting follows a series of deadly military attacks against Afghan forces, government and aid workers. On a positive note, BBC News reports that "A legendary cache of gold and other valuable items has been shown to have survived Afghanistan's civil war and Taleban rule".
http://news.bbc.co.uk/2/hi/middle_east/3193091.stm

Four Afghan refugee camps at the Pakistan border, housing 50,000, will be closed and the refugees relocated to another camp or repatriated.

Bangladesh opposition leader Manzurul Imam, president of the Awami League, was shot dead as well as the person pulling the rickshaw in which Imam traveled. Two other people were injured. The banned Purbo Banglar Communist Party (Janojuddha) has claimed responsibility. Nine suspects have been arrested. Awami League supporters rioted, attacking offices of the ruling party and its leaders and thousands attended the funeral.

Two powerful car bombs containing RDX exploded in Bombay, India, killing more than 50 people and injuring more than 150. The explosions took place at a jewelry market and top tourist attraction, the Gateway of India. The stock market was temporarily knocked out. Islamic militants, possibly from Pakistan, possibly affiliated with Lashkar-e-Toiba, are suspected, as are criminal gangs, possibly colluding with international terrorist networks. India has delayed further diplomatic rapprochement with Pakistan until measures are taken against militant groups. There have been a number of similar attacks this year, including bombs on buses and trains. Thousands of Hindu nationalists marched in a silent protest against the attacks. Police have arrested several suspects.

Police in Delhi found 20 kg of explosives in an unclaimed bag at the main railway station. In a separate incident, a gunbattle killed two suspected militants of Jaish-e-Mohammad suspected of involvement in the 2001 attack on the Indian parliament.

Calcutta has been warned that its drinking water is contaminated with human excrement, largely stemming from leaking sewage.

Excavations of Ayodhya in Gujarat were completed and the Archaeological Survey of India has issued its court-ordered report. The report indicated there had been 11th century temples, but did not specify a type. Independent archaeologists and historians are filing objections to the report in court, believing that rather than being a Hindu temple, the earlier structure is another mosque. Ayodhya has been an explosive issue in Indian politics for more than a decade, highlighted by 1992 Hindu riots against Muslims that killed more than a thousand. This report has in no way eased the tensions.

In Indian-administered Kashmir, a siege ended in a gun battle between police and militants that ended in four deaths. Guerilla group al-Malsuran claimed responsibility.

In Nepal, peace talks have broken down and a number of violent clashes have taken place. In one incident, ten Maoist rebels were killed. Former Prime Minister Deuba has survived an assassination attempt. Another rebel attack killed a senior army officer and injured a second.

A UN study has revealed that only 56 percent of the population have access to safe drinking water. Water woes -- and potential wars -- are discussed in "Averting Sindh-Punjab water wars" at http://www.irinnews.org/print.asp?ReportID=36200

Pakistani authorities raided an Islamic seminary near the Afghan border, detained 26 suspected Taliban and seized some weapons. The Iris Verification Center in southwest Pakistan will close due to the seasonal decline in refugees and will be served instead by a mobile unit.

Sri Lanka's government will invest $180 million to strengthen the rural economy, improve transportation and power, and create jobs, following the ceasefire with the Tamil Tiger rebels.


8. Cyberterrorism and Information Warfare

California has enacted a financial privacy law that requires customers to opt in before information is shared externally and gives consumers more control over information shared within divisions of a corporation.

According to Mi2g, "$32.8 billion of economic damages have been calculated for August as a result of overt and covert hacker attacks as well as malware - virus and worm - infections. $29.7 billion of economic damages worldwide are traced back to Sobig alone - the largest damage amount directly attributable to one type of malware or hacker incidence...." (http://www.mi2g.com).

Matthew French reports "Navy purchase cards hacked" in Federal Computer Week, August 25
http://www.fcw.com/fcw/articles/2003/0825/news-navy-08-25-03.asp

Online retailer Amazon has filed lawsuits against 11 firms charged with spoofing its name and identity to sell fraudulent products via email.


9. Finance

Police in Northern Ireland have broken up a loyalist paramilitary drug ring.
http://news.bbc.co.uk/hi/uk_news/northern_ireland/3194689.stm

The European Union will discuss extending a ban on funding for Hamas' military wing to its political and humanitarian sections on September 5. Such a ban is unlikely because of the impact on Palestinian humanitarian aid. Meanwhile, the UK Charity Commission has frozen the assets of the Palestinian Relief and Development Fund (Interpal) that has alleged links to Hamas militants. Palestinian authorities froze bank accounts of nine charities operating in the Gaza Strip they say funnel money to militants. These nine are not the same as the list of Hamas charities and individuals listed in President Bush's executive order last week. Palestinians demonstrated against the measure.

Interpol has issued an international arrest warrant for Abdelmoumen Rafik Khalifa, a prominent Algerian businessman with alleged ties to the military regime, wanted for money laundering.
http://www.interpol.int/public/Wanted/Notices/Data/2003/96/2003_13596.asp

Saudi Arabia has agreed to allow investigators from the US Federal Bureau of Investigation and Internal Revenue Service to be stationed in the country, as part of a joint terrorist financing task force.

Michael M Phillips reports on moving money in Iraq in the "Money Trail: Getting Cash to Karbala Via Ambush Alley" in The Wall Street Journal, August 26.


10. Human Rights

The UN Security Council unanimously adopted a resolution declaring that attacks against aid workers are considered war crimes. The resolution had been delayed because the US insisted on removing a reference to the International Criminal Court, which was replaced with a general reference to existing laws.

Mexico's office for human rights has been closed and the under secretary dismissed. This has been viewed as a setback to human rights issues in Mexico, including efforts to investigate past military abuses.

Hassan Jallow, a former Gambian Supreme Court judge, has been appointed as chief prosecutor for the International Criminal Tribunal for Rwanda, replacing Carla Del Ponte. Ms Del Ponte continues as the chief prosecutor for the Yugoslavia tribunal.


11. Law and Legal Issues

Steven J Hatfill, former army bioweapons scientist, has sued the US Attorney General and other law enforcement officials for harassment, violation of privacy and preventing his employment in connection with their continued investigation into the October 2001 anthrax letters.

Gregorio Honasan, Philippine opposition senator, has come out of hiding to face rebellion charges in connection with the July 27 mutiny.

Miodrag Jokic, former Yugoslav admiral, has pleaded guilty to war crimes for the bombing of Dubrovnik in 1991, killing 43 civilians. He will be sentenced later.

Amir Khan, Ramin Malique and Zubair Khan have been arrested on weapons charges in connection with the Dover security alert that closed traffic for seven hours on Friday. Weapons were found in their car, arriving from Calais.

Yong Ki Kwan, Khwaja Mahmood Hasan and Thomas Abbenante, alleged members of a Virginia-based terrorist cell, have pleaded guilty to conspiracy, gun and training charges.

Samuel Santander Lopesierra, a/k/a "Marlboro Man", a former Colombian Senator, has been extradited to the US on drug smuggling charges.

Former Argentine President Carlos Menem and his colleague former economy minister Domingo Cavallo have had charges of illegal arms shipments dropped but other charges are still under investigation.

Zacarias Moussaoui, the alleged "20th hijacker" has been granted access to al Qaeda leaders Khalid Sheik Mohammed and Mustafa Ahmed Hawsawi in connection with his defense. Federal judge Brinkema issued the ruling that is being challenged by the government.

Abdelghani Mzoudi, on trial in Germany as an al Qaeda leader, will request testimony from al Qaeda member Khalid Shaikh Mohammed, who is in US custody.

Ange-Felix Patasse, deposed president of the Central African Republic, is charged with murder and other offenses under an international arrest warrant issued by the CAR government.

Pierre Robert, a French national also known as Abou Abderrahmane, has appeared in Moroccan court with 34 other accused in connection with the May Casablanca bombings.

Iranian diplomat Hadi Soleimanpour has been denied bail in Britain while waiting for a decision regarding an extradition request from Argentina. Iran has offered a GBP500,000 surety and may implement diplomatic retaliation against the UK for countenancing the extradition request that has been issued in connection with the 1994 bombing of a Jewish community center.


12. Transportation

The British port of Dover was closed for seven hours in a major security alert after an X-ray inspection revealed a stash of illegal weapons in a car. Initially three men were held under the Terrorism Act, but it is now being treated as a criminal case.

Cargo security remains a huge challenge, but options ranging from electronic seals to detection equipment contribute to a solution. See "Containing Terror" in Technology Review, September.
http://www.technologyreview.com/articles/innovation20903.asp

The US General Accounting Office finds that internal controls for Air Force foreign military sales are inadequate and permit the unauthorized shipment of classified and controlled spare parts abroad.
http://www.gao.gov/cgi-bin/getrpt?GAO-03-664


13. Weapons of Mass Destruction

The US Army has established the Institute for Collaborative Biotechnologies to undertake biotechnology research applied to sensors, computing and new materials. Work will be led by the University of California at Santa Barbara, along with the California Institute of Technology and the Massachusetts Institute of Technology.
http://www.aro.army.mil/biotech/

Smallpox vaccine supplier Acambis has had to delay shipment of stocks to the US while reviewing label designs.
http://www.acambis.com/default.asp?id=593

The National Academies and Institute of Medicine have written to US Attorney General Ashcroft to protest treatment of Dr Thomas C Butler, a plague researcher facing charges of smuggling bacteria. The Academies say Dr Butler has been treated too aggressively and that this will have negative repercussions on other researchers.
http://www.washingtonpost.com/wp-dyn/articles/A56417-2003Aug27.html

Ian Frazier writes of "The Unsettling Legacy of General Shrapnel: Why no one remembers the man who invented one of history's deadliest weapons" in Mother Jones, September/October.
http://www.motherjones.com/toc/2003/36/ma_526_01.html (paid content)

David Hambling describes "Gamma-ray weapons could trigger next arms race: A third class of weapon that crosses the line between nuclear and conventional explosives could dramatically change the global balance of power" New Scientist August 16
http://www.newscientist.com/news/news.jsp?id=ns99994049


14. Recently Published

Joseph Braude "The New Iraq" Basic

Jean-Pierre Chretien "The Great Lakes of Africa: Two Thousand Years of History" Zone

Anthony Cordesman "Saudi Arabia Enters the Twenty First Century" Praeger, 2 vols

Bob Crew "The Beheading and Other True Stories: The Shocking Investigation into the barbarism of Modern-Day Saudi Arabia" Metro

Michael Curtis "Verdict on Vichy: Power and Prejudice in the Vichy France Regime"

Michael Ignatieff, "Charlie Johnson in the Flames" Chatto

Bernard-Henri Levy "Who Killed Daniel Pearl?" Melville House

C. Ford Runge et al, "Ending Hunger in Our Lifetime: Food Security and Globalization" Johns Hopkins


FEATURE ARTICLE: Microsoft, Jeffrey Lee Parson, and the Worm

This month was marked by a new generation of malicious computer code notable for the lightning speed of infestation. Computer networks around the world were congested with maliciously infected spam emails. Hundreds of thousands of individuals and companies had to rush to download new code fixes and repair the damage. Some organizations were briefly closed by virulent attacks, including the Maryland Motor Vehicle Administration, Air Canada, CSX Corporation, Yorkhill Hospital, Federal Reserve Bank of Atlanta, Philadelphia City Hall, BMW, TeliaSonera, and many others.

The Blaster worm was one of these serious attacks. In common with the others, it exploited vulnerabilities in Microsoft Windows computers. The vulnerability was rated critical by Microsoft. The code caused repeated crashes and downloaded malicious code programmed to launch a distributed denial of service (DDOS) attack.

Soon after its release, variants were found: W32.Blaster.Worm, W32.Blaster.B.Worm, WORM_MSBLAST.B, MSBLASTER, Win32.Poza.C, W32/Lovsan.worm.c, Worm.Win32.Lovesan, Blaster-B, Blaster-C.

Blaster relied on a network flaw to execute, rather than email attachments. It was fast, at one point finding uninfected machines in only 30 seconds (a record since broken). It, and its variants, used multiple levels of timed attacks directed against multiple domains.

However, the most surprising outcome of Blaster has been the speed at which one of the perpetrators has been identified and arrested. Although there are some 80,000 known viruses, fewer than a dozen of their authors have ever been prosecuted. Jeffrey Lee Parson has become the latest of their number.

The arrest warrant and deposition prepared by David Farguhar, Special Agent with the US Federal Bureau of Investigation (FBI), describe the nature of the attacks and how evidence was gathered and used to identify the perpetrator.

Microsoft provided initial details:
"On or about August 14, 2003, Microsoft became aware of several variants of the Blaster code. One particular variant was referred to by the Internet security community by a number of different names including... Lovesan B .... Microsoft engineers disassembled the code and were able to understand what this variant does. Lovesan B contains a variant of the Blaster worm, renamed 'teekids.exe'. This variant code is functionally equivalent to the Blaster code... but it contains some slightly modified message strings. In addition, Lovesan B installs a back door... on the infected computer. The back door, known as 'Lithium', allows remote control of the system. Finally, Lovesan B contacts the web site www.t33kid.com. It then registers itself with a computer script residing on the web site by providing its IP address to the site."

The FBI traced the domain name and examined the web site. The examination "revealed that the web site contained the programming source code for multiple Internet worms. These worms included one peer-to-peer worm that spreads via Kazaa and Imesh file sharing. Also on the web site were multiple links to various other web sites... [that] offer various back doors that can be downloaded, distributed, and used."

The investigation also identified the web site's internet connection provider, which in turn identified the site host. The host "stated that he had communicated with 'teekid' on multiple occasions over Internet Relay Chat (IRC)... [and] that he knew 'teekid' had performed DoS [Denial of Service] attacks and had written various Internet worms". He also provided the IP address that the FBI then traced to another computer, registered to Jeff Parson and accessed through a DSL service. The FBI also contacted ChoicePoint's online database and verified address and identity information.

Following this information, a search warrant was issued and seven computers located in the Parson house were seized. Forensic analysis is under way.

Jeffrey Parson was interviewed during the search and admitted he had created the Blaster variant and explained that he included back door remote access software so that he could reconnect to the infected computers at a later time. In addition, in order to maintain a list of compromised computers, he included code that directed each of the infected computers to contact his website and register itself.

Jeffrey Parson has been charged with one federal count of Intentionally Causing and Attempting to Cause Damage to a Protected Computer. If convicted, he faces up to ten years in prison and a fine of up to $250,000. He has been granted bond and placed under house arrest with an electronic monitor and no computer or internet access.

The US Attorney prosecuting the case, John McKay, has said that Parson will be prosecuted aggressively to deliver a warning message to other crackers. But will it?

This arrest was the result of carelessness, not superb police work or cutting-edge computer forensics. Parson not only failed to disguise his tracks, but bragged about his work on his own web site. In the annals of 'dumb criminal' stories this is like robbing a store and depositing the money in your own bank account, then returning to the store to pick up the wallet you'd left behind.

In another context, while Blaster infected over 500,000 computers worldwide with estimated damages in excess of $1 billion, Parson's variant infected about 7,000, with damages of perhaps $5-10 million. This damage was attributed to investigation and software repairs and was not particularly malicious. For instance, no data was damaged. If an amateur attack like this can cause this level of damage, just think how much worse the damage from a professionally constructed attack could be. Furthermore, ask whether and how quickly such an attack would be detected.

Making an example of a "script kiddie" won't deter professional crackers. Investing in secure infrastructures, holding software companies accountable for security and arresting the professionals would.

Additional Resources:
* CERT Advisory
http://www.cert.org/advisories/CA-2003-20.html
* F-Secure
http://www.europe.f-secure.com/v-descs/msblast.shtml
* Internet Security Systems
http://xforce.iss.net/xforce/alerts/id/150
* Microsoft
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
* Network Associates
http://vil.nai.com/vil/content/v_100547.htm
* Panda Software's Virus Encyclopedia
http://www.pandasoftware.com/virus_info/encyclopedia/
* Sophos
http://www.sophos.com/support/disinfection/blastera.html
* Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
* Trend Micro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A
* US Department of Homeland Security Advisory
http://www2.fedcirc.gov/advisories/FA-2003-20.html

 


Editorial Team
TerrorismCentral
All Rights Reserved. Copyright © 2003 by TerrorismCentral