Let me tell you a little story…
I’m at work, just doing my job (surfing the web, reading the boards, dreaming of cheesecake, chocolate and my GF) when I (we, as in my company, I as in the Net Admin) receive an email with an attachment called AnnaKournakova.jpg.vbs; at least, that’s what the file attachment was called. The name of the virus in the virus is Vbs.OnTheFly. Silly hacker, too proud to leave his name out of the code. I did some research; it took me all of two hours, never getting up from my chair, but I’ve got the guy down to the city he lives in.
I did searches on the net and in newsgroups on the UseNet and found lots of evidence to back up that this is the guy, and he’s out creating VBS viruses left and right. Rather proud of it too. I have his email address, and by his foolish and extremely broad presence on the net, his hometown as well.
Do I notify his webmail host? I can’t see that it would do any damage, he would just pick a new free shielded webmail address and continue on. He’s small time, that’s for sure, especially if I can understand his scripts and locate him so easily.
What’s an Admin to do in this case? My company is safe, I took care of the problem before it began really, but still, he managed to infect a client of ours rather well. Took their mail servers down for the day. Who would I notify, considering it’s a free webmail, not an ISP, that he’s going through?
Do I leave the kid alone?
I have no problem with trying to figure out code and learning what the insides of applications are like, but this kid is harming innocent business.
Funny, I just got this same virus a few times myself through some listservs.
Although getting a new email address is easy, they may be able to track down his ISP. Switching ISP providers is more of a pain. Also, if this person can really be identified as the writer of the virus, he’s broken some laws by distributing it.
The virus hit us at work too. But if it’s so easy to track down the author, rest assured that some expert virus-hunter has doubtless done it in a fraction of the time it took you and has already contacted the proper authorities.
Also I would want to be sure that you have the right person. If I were writing a virus I would put the name of my annoying next-door neighbour all over it, and not my own.
P.S. Here’s what the anti-virus software company Symantec has to say about the “Anna Kournikova” virus:
Would that I had seen this thread before one of my clients had sent me this, I would have adjusted my filters accordingly. Does anyone know how to get rid of the 0 byte file that the damn thing has left?
If you really want to still contact someone, I suggest the local FBI office. Those guys’ll put a crimp in yer day.
Ye gads! It appears to be a Dutch virus, from the link Arnold posted. I had nothing to do with this, I swear! No, really!
Nice try Coldfire, but soulsling has already identified your name and address. It’s been nice knowing you, and I hope you’ll think fondly of us romping through the sunlit prairies of the SDMB while you’re rotting in a dark dungeon with no access to a computer.
<<foolish and extremely broad presence on the net>> Yup, that’s Coldfire all right. soulsling, release the hounds!
u r juzt jealus cuz u aint 733T, w1nk3lr33d!
Ok, that’s two mods to split the cost of my new keyboard, right?
Something I found through the usenet that isn’t being posted at Symantec though was the “Hacker” OnTheFly posting in lots of Hacker newsgroups in English and German requesting help building viruses, and asking for certain viruses in particular, including one post asking if anyone knew where he could download VB6.0. He even posts code for a sample virus he wishes to share with people in one post. Easy to do a search in Deja or Google and come up with the posts.
soulsling, I didn’t mean to belittle your research. You’ve found out more (and have more technical knowledge) than 99% of the people that have received this virus, I’m sure. However:
- If Symantec had any knowledge of the identity of the hacker, I’m sure that they wouldn’t post it at their website describing the virus. I think the purpose of the website is to tell people how to fight viruses, not to publicize hackers. I only mentioned the site for the purpose of giving people more technical information on the virus.
- Here’s the way I see it. There’s a person (I’ll call him Hacker A) posting on Usenet, asking “How do I make a virus?” Then a virus goes out with the name of that person in the source code. The virus creator could be another hacker (Hacker B) who is irritated by the clueless newbie Hacker A and says to herself “I’ll create a simple virus and put Hacker A’s name on it. That’ll teach him.” I’m not sure there’s enough information to finger Hacker A. Now, if you could prove that the original posting of the virus happened from such-and-such an IP address, that would be better evidence IMHO.
I apologize in advance for picking nits, but this really does bother me:
Might I ask that we refrain from referring to this person as a “hacker”? I know the term is often used as a pejorative, and I don’t feel that it should be; hackers, for the most part, are decent (if eccentric) people with considerable technical skill who are often unfairly demonized in the media. There are more appropriate terms for virus-spreaders, particularly those of this type, who don’t qualify for the term “hacker”. I would say that even calling him a “cracker” is granting too much respect, as the term connotes a significant amount of technical ability (at least in the area of computer security). The people who spread this type of virus would more properly be referred to as “script-kiddies”–it’s unlikely that they even understand the do-it-yourself virus software they downloaded.
No. hacker hacker hacker.
Ouch! Stop kicking me.
OK then, “script-kiddie” Coldfire has clearly fingered himself (in the meaning of “given incriminating evidence against himself”, you perverts) by his knowledge of “script-kiddie” lingo. What the hell does “733T” mean anyway?
Heh. Trust me, if I had kicked you, you’d be saying “Call 911!” not “Ouch!”
Coldie has fingered himself as one of the warez d00dz, actually, of whom script kiddies are a subset. Warez d00dz share cracked software, and often build their entire online personas on it. Some of them just download the stuff, or get copies and post it; others get hold of cracking scripts and run them on new software to break it, then post it. The latter type, along with those who generate viruses by script or kit, are script kiddies. The ones who actually crack software (by script or, very rarely, by their own skills) are referred to (usually by themselves) as “elite”. In warez d00dz spelling, that’s “733T”, a mangled form of “'LEET”. True hackers regard the entire group with weary disgust.
Since I seldom miss a chance to plug one of my favorite sites, I will point you to the Jargon Dictionary’s take on warez d00dz and hackers. They also have an excellent explanation of the hacker ethic, which is, after all, related to the thread title.
Besides, the Jargon Dictionary is a fun read.
Arnold Winkelried calling 911? That’ll be the day, my friend. Or do you not know the story of the glorious Winkelried?
In any case, the meaning of “hacker” as “malicious computer user” is here to stay. The Merriam-Webster online dictionary says
“Main Entry: hack·er
Date: 14th century
4 : a person who illegally gains access to and sometimes tampers with information in a computer system”
It did depend on one indeed;
Behold him, – Arnold Winkelried!
There sounds not to the trump of fame
The echo of a nobler name.
(James Montgomery, The Patriot’s Password)
Arnold, you have a point.
Actually, script-kiddie probably fits the ballot better, if it is the same person posting all over the net. Hacker shmacker, I really don’t care, I was just using the word for lack of any real thought or care being put into the semantics of techno-geekdom in our day.
Heh, do we really need to get PC with tech terms? (get it? PC? Ha!.. … … never mind…)
I agree that Symantec or MacAffee(sp?) or any other anti-virus site/software company wouldn’t and shouldn’t post info on the author of the scripts, but I found it odd that after the Love-Bug thing spreading so fast and the intent of the FBI to catch the guy, they would’ve put the same effort into going for mr. OnTheFly…
Maybe it would be for my broken foot…
Ah, but were they tacky pages? These distinctions are important! And, yes, your programming competence (and more importantly, your better attitude) will ensure that I never malign you as a script kid. You’d never catch one of them moderating at a place like this (if they would ever do it anywhere at all).
Probably so. That doesn’t mean I’ll quit bellyaching about it, though.
<Briefly considers kicking soulsling for that utterly unwarranted “PC” pun, decides to save uninjured foot for later>
Soul, I didn’t mean to harp on it or to criticize your OP or thread title. I applaud your investigative efforts, although I agree that Arnold had a point about the results. There’s a reason (IMHO) to keep the terms straight in cases like this. Calling the perpetrator a “hacker” is just giving him the kind of recognition he craves. Hackers are often perceived as shadowy, sinister figures “out there”, who can do things to people that the victims can’t even understand. A guy can be a totally harmless-looking geek in person, but a serious threat on the 'Net. There’s a certain mystique to it; script kiddies want to be part of that without earning it. Calling him a “hacker” is a reward of sorts; I don’t think anyone would appreciate being called a “script kiddie”.
i 4m d4 733T h4x0r fr0m h0774nd!
OK, I’ll stop now.