Microsoft Drops Blaster Author's Fine

bevo noted that Microsoft has dropped their fine against the author of the Blaster worm that DDoS'd Microsoft's web sites and hijaacked 50,000 computers. 225 hours instead of a 500k fine. $2200/hour seems like a good deal to me ;)

Re:A "Get Out of Jail Free" card!

[poopdeville]

Uh, not really. TFA said that he was sentenced to 18 months in prison and 10 hours of community service.

And in the meantime...

[The Ultimate Fartkno]

...50,000 people with pwn3d boxes get absolutely nothing. I can't decide if that's complete injustice or exactly what they deserve.

The real reason...

[Sebilrazen]

Billy boy dropped the fine was that he saw some of himself in the boy, totally ripping off someone elses work, rebranding it and sending out the door. It was just a variant, wasn't it?

Re:And in the meantime...

[Fjornir]

If you had a box that caught blaster there is nothing preventing you from taking this kid to civil court for damages.

Re:Drops the fine?

[Eradicator2k3]

That was *probably* a poor word choice. I would imagine that the $500K "fine" actually was damages awarded to MS. MS does have the option to recommend that the court replace the awarded damages (of which they would only see a fraction) with community service. IANAL, however and this is mere speculation on my part.

Re:Drops the fine?

[Hollins]

If you look at the power wielded by the BSA [bsa.org], of which Microsoft seems the biggest beneficiary, it's clear that for all practical purposes, Microsoft is the government.

Re:Microsoft, the good guy

[InfiniteWisdom]

I'm glad you think that way. Tell me where you live and break in to your home. Its your fault for have breakable glass windows or whatever other vulnerability I exploit to get in, so I shouldn't be punished if I get caught.

Nice move, nice PR.

[kosmosik]

Really. They just got some good press. And it is better to have good press worldwide that to have some teen own you $0,5M which he probably would never pay to them at all...

Re:Strange

[InfiniteWisdom]

Trying to extract $500k from a 19yo kid would probably fetch them more bad press than any actual compensation they would receive. Instead they come across as being compassionate and understanding. Nothing strange about it... just a good PR move (which we all know has always been their primary strength)

Re:MICROSOFT MAKES SUPERIOR SOFTWARE

[Anonymous Coward]

Not superior software, superior service plans formerly but now only the market presence created by its history and effective monopoly status in the US keep the firm gaining income with any advantage over other PC software firms.

Re:Drops the fine?

[tomhudson]

Ok stupid, if you had a brain you'd realize this was damaged awarded to MS due to downtime and such.

So the kid should have included an MS-style EULA with his worm variant, and his liability would have been limited to the lesser of $5 or the price paid for the software ($0).

What's good for the goose is good for the gander - when is Microsoft going to pay for all the downtime their crap causes?

It was surely not a fine

[EmbeddedJanitor]

My understanding of "fine" is that of a penalty imposed by the state in a criminal case. In the case of a civil action I think the term "damages" is used.

Microsoft is getting pretty big and powerful and can push the DOJ around, but I don't think they're yet in the position to fine people.

mental health

[micromuncher]

The defense argued that Parson suffered from mental-health problems.

Writing a virus takes a fair bit of know-how... the article states he was immature and had a bad family life.

Maybe its just an example of a bored kid doing something with bragging rights.

Immature or not, there was intent and dedication, and if he's smart enough to write and deploy, he was smart enough to know it was wrong.

$2200/hour is a steal to many companies

[Douglas Simmons]

The blaster virus must have been the single best thing to happen to the antivirus software industry. And not just the companies in that particular subsector either. Security from viruses, spyware, popups and hacking in general has become a fear around which many companies have started marketing themselves. Take AOL's latest ads, or even non Internet operations like credit card companies and their new gimmick innovations against identity theft.

Just like how Bush has been accurately criticized for capitalizing on fear to push his agenda, many companies are now benefiting from fear in this context. Hell yes it was a bitch to deal with Blaster and friends, but I got paid cash money to remove it from a lot of people's computers. One time got some ass from it. So to those of us who are fans of capitalism and consumerism, or ass maybe, this is a Good Thing, and the economy has been helped more than it has been hurt by crap like this.

Re:Microsoft, the good guy

[InfiniteWisdom]

Quite possibly. I'm not defending Microsoft. I'm arguing that just because Microsoft's software is buggy doesn't make mean that people who explot those bugs are any less culpable.

Re:Microsoft, the good guy

[Anonymous Coward]

...which is totally irrelevant to the original point. You're trying to force use to accept a false dichotomy.

People who exploit bugs: at fault.
People who make bugs to exploit: also at fault.

That simple enough? It can be both.

I may not like Microsoft

[DaFitzMan]

but kudos to them for being human on this.

Re:Not a good deal -- to me.

[javajawa]

If all the worm/virus/adware/hijack/root kit etc. writers and those others were to disappear tomorrow, then we'd still be left with all the shoddy programming that was initially left in the programs. These exploits point out the tip of an iceberg which, unchecked, would allow unscrupulous people in power to abuse the users.

Re:Microsoft, the good guy

[InfiniteWisdom]

Firstly that's not true, because nobody advertises their open ports... blaster and the other worms probe addresses, look through address books etc. and run scans and probes to find vulnerable computers. Secondly, even if you did that, nobody who stals stuff from your home can use that as a defense. Its unlikely that the cops would spend any effort to find the thief, since you acted so stupidly, but if the person were caught somehow they're still culpable.

That really depends...

[WebCowboy]

So are you some kind of hotshot that can get any computer up and going in a vew minutes to an hour? Well, any monkey can format and re-install or restore-from-ghost in very short order, but in my experience it is those technicians that people call "useless" when they get their "fixed" computers back without properly configured drivers and all their email and data since their last weekly backup wiped out (if the said user is swift enough to even do a weekly backup).

In the corporate world competent techies have made it easy for themselves. They probably deal with a fleet of identical Dells, each issues with a standard ghost image, scripts up the wazoo, something like Altris or other big brother software do roll out updates/config changes, etc etc etc.

OTOH, 4.5 hours to clean up a machine is actually a realistic high-range estimate when you are talking about some of the personal computers or PCs at mom-and-pop operations out there like "nerds on site" and the like must see. I imagine they see everything from PIIs to the latest screaming PIV from any number of builders out there, and some of them are probably slapped together with leftover components too. These users don't have an image to restore to--unless you count the "rescue CD" if they haven't managed to lose it...they might not have any OS install CD at all! And backups? HAH! I've found you're lucky to even have weekly backups. And no matter how trivial their files look, all these users want to save as much as possible. These users are also rather undisciplined in their own maintenance. The worms and viruses are one thing--prepare to spend some time getting rid of adware attached to weather bugs, comet cursors, chat smileys and "free" P2P programs.

In any case, if you average it out you might spend 2 hours per machine. I'd say that for how much damage Blaster-variants caused this guy got off lightly--even including the hours he will spend in jail. I suppose, though, that suing someone who is broke for a half-million is pretty pointless. I DO like the idea of making the guy shovel elephant poo for a month as a substitute.

I do try to be optimistic though--one good thing is that this whole Blaster debacle brought to light the security crisis in Microsoft products. To this day, an unpatched win2k or pre-sp2 winxp machine will become infected within minutes when hooked up directly to a typical high-speed internet connection. It seems unfortunate that some jackass had to pull a stunt like Blaster before anything serious was done about security at MS.

Re:Could've been worse

[spagetti_code]

MS would never have seen a bean of that money. First there's the jail time. Then you've got an unemployed teenager with a criminal record and no tertiary education who will, if he finds someone to employ him, probably make minimum wage.

It certainly is a PR move. Remember, almost everything MS does is a PR move because they are now first and foremost a great marketing company.

So its a good move on their behalf - chase some loser for 500K and never see a bean, or offer 'foregiveness' out of the bottom of their hearts.

Re:And in the meantime...

[itistoday]

If you had a box that caught blaster there is nothing preventing you from taking this kid to civil court for damages.

Other than any sense of empathy for the kid.