Forensics work on Sasser/Netsky/Goner
Results 1 to 4 of 4

Thread: Forensics work on Sasser/Netsky/Goner

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    17

    Forensics work on Sasser/Netsky/Goner

    I found a lot of useless information about the capture of the sasser author (and none about the Goner worm), including the reward money that M$ paid, but what I am looking for are the more technical details...what computer forensics tools were used, which law enforcement agencies and from what countries had to cooperate to make this capture, and how did the forensics experts track him down? To qualify all this, I have a short paper to write for my computer forensics class so the more info or links, the better.....Thanks, eric

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Good luck Eric, I think that you have just accepted mission impossible.

    what computer forensics tools were used
    Probably none, the little turd just bellied up and confessed under pressure. I doubt if he hid it anyway, he didn't think he would be found out.

    which law enforcement agencies and from what countries had to cooperate to make this capture
    AFAIK none, the Germans did it all by themselves.

    what computer forensics tools were used
    Probably none, he confessed, and I doubt if the evidence was even hidden.

    and how did the forensics experts track him down?
    They didn't. He ran off at the mouth, and was grassed up by his "friends" who were after the Microsoft reward $$$$$s.

    As I have suggested, you have picked a bad case here. The case was held in a closed juvenile court and the proceedings are not on the public record.

    As he entered a guilty plea, no prosecution evidence would have been required anyways.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You would do better to pick the melissa virus. They used a hidden mac/CPU identifier that word puts into every document to track him down. I think you will be able to find more details on that particular virus outbreak that any other recent ones. Not that melissa was really that recent. The tools probably wouldn't even be the same anymore.

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hmmm,

    That is a good suggestion old chap. I remember it...............Melissa the Stripper?

    David.L.Smith IIRC? another legend in his own imagination So he was the vainglorious "vicodinES"............... or was he? The FBI put a shedload of effort (and taxpayer's dollars into that one) it took them nine months just going through ISP logs (back then!!!) but they just couldn't get enough for a DA.

    I had been made aware of this on a very informal level, where I was working in London, so out of curiosity I stoked up my copy of "Microsoft Office 97 Poppy Macro Virus Generation Toolkit" by the aforementioned vicodinES. [ No! I am not even going there]

    I took one of the Office templates, copied it as a .txt and opened it in Notepad. You just scan through the junk, and down the bottom I found that it had been produced by one David.L.Smith's licenced and registered copy of Office 97.

    Talk yourself out of that one son...................

    Nowadays, everyone and their cat knows about Metadata, but it was a little novel at the time an d the forces of darkness were pretty embryonic?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides