Jeffrey Parson pleaded not guilty Wednesday to charges that he authored an Internet computer worm that infected thousands of computers last month. The Minnesota teenager was arrested with much fanfare Aug. 29 in connection with the MSBlaster series of programs that wreaked havoc on the Internet earlier that month. The arraignment comes as computer experts warn of another worldwide computer flaw which could lead to the same kind of worm outbreak.
Wearing a simple gray t-shirt, blue jeans, sneakers and a piercing below his lower lip, Parson spoke softly when asked his name and date of birth, virtually the only words he spoke during the five-minute procedural hearing. Public defender Nancy Tenney entered a not guilty plea on his behalf.
Under updated conditions of his pretrial release, Parsons will now be allowed to leave his home for employment as well as school, subject to court approval.
His defense attorneys said Parson had no statement to make.
“He’s just trying to live as normal a life as possible,” said Carol Koller, a second public defender assigned to his case.
Parson flew into Seattle Tuesday night, ushered by U.S. Marshals. His defense attorneys declined to say when he was flying back to Minnesota.
An 18-year-old resident of Hopkin, Minn., Parson was known on the Internet as “teekid.” He has been under house arrest since his arrest — barred from using computers, and allowed out of his house only to attend privately-tutored high school classes.
The MSBlaster variant Parson allegedly released, called MSBlaster.B, is a slightly altered version of the original MSBlaster, which infected over 1 million computers. But the government alleges MSBlaster.B infected only 7,000 computers, making it a minor variant of the original worm.
Parson admitted releasing the worm when he was confronted with evidence by federal authorities on Aug. 19, FBI and Justice Department officials have said. “He made certain admissions which are included in the complaint,” U.S. Attorney John McKay McKay said at a press conference announcing the arrest. “He admitted conduct which we allege is unlawful.”
At the time, officials stressed that this was not the end of the Blaster investigation, and sources said Parson likely did not have anything to do with the original MSBlaster worm variant, which targeted security holes in Microsoft’s Windows operating system.
Several variants of MSBlaster were released after the original worm made its way around the Internet, including one named Welchia, which also caused major headaches for corporations. The MSBlaster.B variant, however, did not spread very far. In fact, it included negligible changes to the original MSBlaster: a new file name, teekids.exe, some additional vulgar text added, and new compression to avoid antivirus products.
Another MSBlaster variant suspect has also been tracked down by authorities. Earlier this month, Romanian police arrested 24-year-old university student Dan Dumitru Ciobanu and charged him with writing MSBlaster.F. That variant only infected a handful of computers.
ANOTHER WORM ON THE WAY?
Even while Parson was entering his not guilty plea, security experts were issuing warnings about the likelihood of a new computer worm that might cause damage similar to MSBlaster. On Sept. 10, Microsoft announced it had found another flaw in its Windows operating system that could allow computer intruders to stealthily break into systems around the globe. The flaw is very similar to the original flaw that opened the door for the MSBlaster worm. Tuesday, Internet security firm iDefense Inc. said it had evidence that virus writers had already made a tool for exploiting this new flaw, and it expected a new worm attack at any time.
“A new Blaster-like worm family could be created in a matter of hours or days now that exploit source code has been posted in the underground,” said spokesman Ken Dunham.
Both Windows flaws are particularly damaging because they allow the creation of very stealthy computer worms.
Unlike most viruses, which arrive via e-mail, MSBlaster simply sneaks onto computers connected to the Internet that haven’t been patched. Victims often don’t know they’ve been hit.
MSBlaster zeroes in on computers running Windows 2000, Windows XP, Windows NT 4.0 and Windows Server 2003 operating systems, Microsoft said. Once Blaster infects a computer, it scans the Internet for other vulnerable machines to infiltrate.
It’s not yet clear what operating systems might be vulnerable to the new, anticipated worm.