Information Security News mailing list archives

Veteran Hacker Lays Claim To 'Stages' Worm


From: InfoSec News <isn () C4I ORG>
Date: Wed, 21 Jun 2000 01:07:41 -0500

http://www.techweb.com/wire/story/reuters/REU20000620S0009

By Reuters
Jun 20, 2000 (5:44 PM)

The "Life Stages" worm may be the work of a secretive software writer
living in Argentina who has taken credit for key virus developments of
recent years, computer experts said. The FBI has begun a probe of the
latest attack, according to an advisory on the bureau-led National
Infrastructure Protection Center Web site.

"While it does not damage files, it could clog e-mail systems," the
site warned in announcing the investigation late Monday.

"Zulu," a veteran hacker believed to be living in Argentina, has
claimed credit for writing the virus. In late May, he posted the
programming source code for "Stages" on a virus news Web site, along
with a commentary about the virus that took credit for the work, said
Bruce Hughes, a manager at ICSA.net, Reston, Va. The virus took
several weeks to spread over networks.

Sketchy details about "Zulu" culled from interviews he has given on
underground Web sites suggest he is in his mid- to late-20s. He speaks
Spanish and English.

"Zulu" has taken credit as well for several well-known viruses in
recent years, including "Bubbleboy" -- named after a character in the
"Seinfeld" television series. That was the first virus to be embedded
in an electronic mail message, experts said.

"He is considered on the cutting edge among virus writers," Hughes
said.

"Zulu" has been careful not to spread the virus directly. His method
is to post his latest virus program to obscure sites where others can
find and spread it on his behalf.

He has also taken responsibility for the "Monopoly" virus, which
featured the logo of a Monopoly board game and Microsoft chairman Bill
Gates holding up a fistful of cash.

"Freelinks," a third virus tied to "Zulu," was identified in July 1999
and now ranks as one of the top 10 most widely disseminated viruses in
history, Hughes said. That virus triggered links to five pornographic
websites and diverted the start page of Internet Explorer software to
a porn page.

Some Web sites have logged as many as 120,000 copies of "Stages,"
leading some companies to shut down their e-mail systems, said an
official of the U.S.-funded computer security clearinghouse Computer
Emergency Response Team.

Delta Air Lines, the third-largest U.S. airline, closed down its
corporate e-mail system Monday as a protective measure after detecting
the virus on employee computers. Tuesday, computer systems were back
in operation, but outside e-mail was limited, a spokesman said.
