RealTime IT News

'Melissa' Creator Gets 20 Months

Melissa e-mail virus author David Smith was sentenced to 20 months in a federal penitentiary by the U.S. District Court in New Jersey Wednesday, according to news reports.

Smith was apprehended in 1999, after Federal Bureau of Investigations officials found him residing in his brother's house in Eatontown, N.J.

The Associated Press quotes Smith as saying the computer virus, which caused systems to crash and forward itself to 50 other addresses in the Microsoft Outlook address book, was a "colossal mistake.

Attorneys on both sides agreed the damages caused by the so-called mistake totalled more than $80 million dollars worldwide, though the judge only fined Smith $5,000.

He faced 10 years in jail and a $50,000 fine for his actions, but prosecutors suggested a lighter sentence given the defendant's help in catching other virus makers, notably scores of script kiddies who cloned a legion of Melissa knockoffs.

The sentence comes at a time when cyber-terrorism aeems to be on the rise. While security hacks over telephone lines have been going on since the advent of Captain Crunch and his "phreaking box" in the 1970s, a rash of high-visibility security break-ins -- as well as post-9/11 worries -- have cast a brighter spotlight on the problem.

According to a GartnerG2 report released Wednesday, 90 percent of cyberattacks exploit known (i.e., preventable) security flaws which could have been avoided with the installation of a security patch by the software/hardware manufacturer.

Richard Mogull, research director for GartnerG2, said patches are available for IT staffs, but many don't bother to download and install them.

"Estimated losses from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for which a patch was available, proving that we never learn from our mistakes," he said. "Nimda exploited the same flaw just a few months later. Both continue to survive on the Internet today."