Second blaster suspect arrested

A student suspected of authoring the latest variant of the Blaster worm was arrested in Romania yesterday, according to an anti-virus company that says it helped police track the person down.

Softwin SRL, which is known for its BitDefender anti-virus product, said in a statement that 24-year-old Dan Dumitru Ciobanu, a graduate student at the Technical University in Iasi, Romania, was arrested after clues in the code of MSBlast.F led police to him.

The news came the same day as Jeffrey Parson, the man accused in the US of authoring the B variant of Blaster, spoke to the media for the first time since his arrest Friday to point out that the original author of the worm is still at large.

Softwin said that the F variant, discovered Monday, contained Romanian plaintext disparaging one of Ciobanu’s professors. The denial of service attack code, originally targeted at Microsoft, was updated to target tuiasi.com, the university’s domain.

The name of the executable had been changed from msblast.exe to enbiei.exe, anti-virus software vendors said. Softwin claims that Enbiei is a handle that Ciobanu used online in copyright notices.

Romanian authorities could not be contacted for information before press time. Softwin said that recently introduced Romanian law sets the maximum penalty for virus writing at 15 years imprisonment.

In the US, 18-year-old Parson could get as much as 10 years and a $250,000 fine if convicted of authoring the B variant, which was named teekid.exe. The FBI claims teekid, or t33kid, is Parson’s online handle.

Parson went on the record for the first time yesterday, talking to a producer for the NBC television station about his arrest last Friday. While the FBI says Parson admitted to modifying Blaster.A and releasing it, Parson would not discuss his involvement.

I am extremely concerned that the government is trying to make an example of me, he is quoted as saying. I understand that the government needs to catch someone for these crimes. I’m not the one they need to get!

Parson laid blame for the network mayhem at the door of the original author of the worm. Law enforcement has yet to reveal whether it suspects anybody of that crime, and if history is any guide, it will have a hard time tracking him down.

Parson was identified as a suspect because MSBlast.B contained a Trojan that registered itself with a hacking web site, teekid.com, which has its domain registered with Parson’s name and address.

Source: Computerwire

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing