Information Security News mailing list archives
Veteran Hacker Lays Claim To 'Stages' Worm
From: InfoSec News <isn () C4I ORG>
Date: Wed, 21 Jun 2000 01:07:41 -0500
http://www.techweb.com/wire/story/reuters/REU20000620S0009 By Reuters Jun 20, 2000 (5:44 PM) The "Life Stages" worm may be the work of a secretive software writer living in Argentina who has taken credit for key virus developments of recent years, computer experts said. The FBI has begun a probe of the latest attack, according to an advisory on the bureau-led National Infrastructure Protection Center Web site. "While it does not damage files, it could clog e-mail systems," the site warned in announcing the investigation late Monday. "Zulu," a veteran hacker believed to be living in Argentina, has claimed credit for writing the virus. In late May, he posted the programming source code for "Stages" on a virus news Web site, along with a commentary about the virus that took credit for the work, said Bruce Hughes, a manager at ICSA.net, Reston, Va. The virus took several weeks to spread over networks. Sketchy details about "Zulu" culled from interviews he has given on underground Web sites suggest he is in his mid- to late-20s. He speaks Spanish and English. "Zulu" has taken credit as well for several well-known viruses in recent years, including "Bubbleboy" -- named after a character in the "Seinfeld" television series. That was the first virus to be embedded in an electronic mail message, experts said. "He is considered on the cutting edge among virus writers," Hughes said. "Zulu" has been careful not to spread the virus directly. His method is to post his latest virus program to obscure sites where others can find and spread it on his behalf. He has also taken responsibility for the "Monopoly" virus, which featured the logo of a Monopoly board game and Microsoft chairman Bill Gates holding up a fistful of cash. "Freelinks," a third virus tied to "Zulu," was identified in July 1999 and now ranks as one of the top 10 most widely disseminated viruses in history, Hughes said. That virus triggered links to five pornographic websites and diverted the start page of Internet Explorer software to a porn page. Some Web sites gave logged as many as 120,000 copies of "Stages," leading some companies to shut down their e-mail systems, said an official of the U.S.-funded computer security clearinghouse Computer Emergency Response Team. Delta Air Lines, the third-largest U.S. airline, closed down its corporate e-mail system Monday as a protective measure after detecting the virus on employee computers. Tuesday, computer systems were back in operation, but outside e-mail was limited, a spokesman said. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Veteran Hacker Lays Claim To 'Stages' Worm InfoSec News (Jun 21)