Network News

X My Profile
View More Activity

Lessons Learned from the 'Leaves' Worm?

This week marks the fifth anniversary of the "Leaves worm," a crafty piece malware that broke new ground in a myriad ways and offered a taste of what the criminal hacking world had in store for computer users and online advertisers in the years that followed.

Leaves was the first worm to come disguised as a security update from Microsoft, a still-effective tactic used with abandon in today's worms and viruses. It also was the first high-profile attack that enlisted victims' computers in large-scale advertising fraud. The Leaves author is widely thought to have used his network of more than 23,000 infected PCs to generate revenue by directing them to periodically click on Internet ad banners.

This type of advertising scam, known more colloquially as "click fraud," is perhaps one of the more vexing, prevalent and profitable forms of online fraud today. Some experts have even estimated that the as much as 20 percent of fees in certain advertising areas result from click fraud.

The FBI and Scotland Yard tracked down the author of the Leaves worm by ... well, following the money this 24-year-old Brit was allegedly making from his elaborate scheme. I say "allegedly" because I wanted to catch up with this guy for this blog entry to see what he's done with his life since then, but he was never charged with any crime and was released shortly after his arrest. British authorities never revealed his identity nor explained why they declined to charge him -- even after a substantial international manhunt by the FBI chronicled beautifully in this engaging story from

The British investigators also never released the suspect's name, and I could find no mention of it in any of the stories written about his arrest. However, a source with close ties to the British investigators involved in the case said the man has since "gone completely legit" and has no interest in speaking with the media. Maybe being hauled into court scared Mr. Leaves straight.

Still, I have to wonder whether the case didn't sour the FBI on investigating these types of crimes, given the resources they piled into an ultimately futile effort. Today, there are hundreds of guys around the world making money just like Mr. Leaves -- with far more victim computers at their disposal -- except that many of them operate out of countries which have far less cozy legal and diplomatic relations with the United States.

By Brian Krebs  |  June 22, 2006; 3:25 PM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: FTC Laptop Theft Exposes Consumer Data
Next: Flaws in Financial Sites Aid Scammers


On the varied and sometimes clever ruses that are used, my first defense is using an Apple MacIntosh. That eliminates all the holes in Microsoft's operating systems. Second is the smell test. All the penny stock, and indeed all stock tips are ignored. Only information that I accept is one on line service that I subscribe to. It is local and again I ignore much of the advice on purchases. I'm looking more for things to avoid.

I am much more concerned that so many laptops/disks are exposed to theft. I am one of 26 million who are one, and who knows how many more. Data that really is important MUST BE doubly protected by both passwords and more important by really secure enciphered data.

My back of envelope estimate is the VA letters cost well over 13 million dollars just for mailing two sheets of paper first class. It amounts to 10,400 big boxes of copy paper, although it was probably not printed that way. It is still a lot of paper. My current count is around ten data losses recently from unprotected machines that were either hacked or stolen.

My $0.50 worth. (Inflation adjusted 2 cents!)

Posted by: james little | June 23, 2006 2:55 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company