Tracking down virus distributors for civil litigation

Tracking down virus distributors for civil litigation

I am receiving the Klez worm almost daily. I have used programs like Sam Spade and Spam Punished to identify the sender's ISP. I have repeatedly contacted the ISP requesting their help in identifying the perpetrator but I only get the standard "thank you" e-mail in response.

Are there any federal law enforcement agencies that have an interest or responsibility in tracking these criminals? Have any victims, to your knowledge, been successful in civil litigation against the non-cooperative ISP?


    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

You may not realize this, but the Klez worm spoofs the "from" address. It pretends to come from , but really has come from somewhere else.

Complaining to ISPs about Klez is not going to get you much sympathy. They do not generally do anything about this sort of incident -- Klez is too widespread, and they probably doubt that you have correctly identified the sender. I would suggest that you not waste more time on this. It is far more efficient to set up some sort of spam block with your ISP, if you can. Failing that, configure your e-mail program to delete those messages with the relevant subject lines used by Klez. You can find these listed at antivirus vendor sites. Since I started doing that in July 2002, I've caught about 60 copies. Once I had the most common subject lines configured, it has been a rare case of an example of Klez getting through to my inbox.

Federal law enforcement agencies will get involved in cases involving substantial financial losses. I suspect the cut-off is somewhere around $50,000 -- if you cannot prove losses superior to an amount like this, they do not have the resources to chase the authors of these critters.

I'm not aware of anyone taking an ISP to court over this, let alone winning a case. ISPs generally do not get involved in the content transmitted, except in cases of child pornography and national security. I would guess that the first thing the ISP's lawyers would do is question your capability to determine who actually sent the e-mail in question. Unless you had a lot of time and technical resources/experts on your side, as well as the cooperation of the critical links in the Internet chain between your machine and the "source," you'd have a tough time proving your case.

I know it can be frustrating dealing with these critters. At the same time, there are some things we can do and some things not worth the effort.

If you want to have an impact on the virus/worm problem, start locally by helping educate young people about the implications of writing these things.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Fighting back against virus writers


This was first published in January 2003