I believe the most interesting reading comes from Arrest Warrant for Jeffrey Lee Parson (FindLaw pdf)

I won’t pick apart too much the document, that is up to the attorneys. But I do have some questions.

According to the document referenced, on August 14th, M$ “became aware” of the backdoor installed by the Lovesan B variant of Mblaster to www.t33kid.com

The Feds, on August 15th, were advised that the hosting company for www.t33kid.com ( the site that the variant contacted ) had received reports on August 12 of a complaint that a computer had been infected “ ... with some code that was attempting to contact the www.t33kid.com web site”

On August 16th the www.t33kid.com server was seized ( “ FBI agents secured the computer that hosted the www.t33kid.com web site ...” ).

On August 18th the Feds learned that www.t33kid.com was linked to dl.t33kid.com which was linked to the suspect's IP address.

On August 19th the Feds searched the suspect's home and seized seven computers. The same day the suspect admitted modifying the Balster worm and creating a variant, and renamed the original executable MSBlast.exe, named it after his online name, and included back door software which he copied.

On August 28th an application for a warrant for the suspect was issued on behalf of M$ who claimed damages.

Obviously from the articles I have read the suspect was not the sharpest tool in the shed, and it just illustrates that it takes little computer skill to construct a virus and cause such havoc.

Question 1:
what would the Feds have done if the DDOS was targeted at “ mom&pop.com” or “joe_****_the_ragman.com”?

From FBI to Arrest Teen in Internet Attack
... A witness reportedly saw the teen testing the infection and called authorities, the official said.
Question 2:
Why did it take so long to apply for the warrant after the suspect had admitted the offense ?? The Feds, at the time of the application, still had not analyzed ( according to the application referenced ) any of the computers involved, had not received any additional information, so what were they waiting for? Why was the alleged “witness” not referenced in the warrant application??

Question 3:
Why would ANYONE, as eluded to before in this thread, hire this individual to safeguard their or anyone else's systems? Twenty-five years ago maybe, he would have been one of a hand full of individuals who understood computers even with his limited competence. But times have changed, as have attitudes.