>Well it looks like several addresses are there. Sender, etc. Why cannot >they trace back to the original Sender and prosecute for knowingly sending >a virus that has no other purpose but to impede communication, destroying >information, computers etc.?
The problem is, it isn't a simple task to trace something like a virus back to its origin. All you can do at best is trace an individual virus email back to its sender. But that person is most likely a victim of the virus itself. So then you have to trace the one they got back to its sender, and continue up the line until you find the source. Its possible, but its difficult, and very time consuming, and branches thru many states and potentially countries. So you have to co-ordinate the effort with law enforcement in each area (or use a group that can do this themselves such as the FBI, but then you still have problems with crossing countries). Because of how much time it takes, and the limited resources to do the searching, law enforcement groups have to pick, do they go after a virus author, or do they go after the murderers, kidnappers, rapists, or any other crime they may have to investigate. And of course, when they decide to go after the virus author, you need search warrants to check out the mail for each person, unless they willingly turn over email records. I can speak as an admin, willingly letting the FBI root thru my email... well, you won't find too many admins that will do that. They may be willing to pull up the specific information the FBI wants, but then you have to deal with making sure that is the RIGHT information (not all admins know what they are doing, and know how to find the right info... of course the FBI tends to be WORSE which is why I wouldn't let them touch my systems with a 10 foot pole until a court order gives me no choice). And this is saying the info even exists by the time someone comes looking for it. Most admins are more concerned with restoring their services and squashing the virus, then worrying about saving enough info to find the bastard that started it. Again, as an admin, yeah, I'd love nothing more than to find the bugger that did it and beat him with a bat... but before I can worry about that, I have to get my own company back online and clean. Work needs to continue, with revenge taking a back seat. Also, many ISPs don't hold the records needed to trace it. You can thank the FBI and their a-hole attitude for this. Too many ISPs were getting saddled with BS requests for logs, and spending a fortune trying to satisfy the FBIs requests... so they simply stopped keeping the records entirely, so when asked, they can honestly say "sorry, we don't have that" and not waste the money on it. (Earthlink at one point found it was costing them $500,000 a year to keep up with filling the FBIs requests for info... they ceased saving the logs that could fulfil the requests, and their costs dropped to about $1,000 a year to write letters in response saying "Sorry, we don't have that".). So much of the time, the info needed TO trace back to the source, is wiped out before anyone can look at it. So you see, it isn't a simple task to find who started the whole thing. BUT... the FBI and other groups still look, and when they do manage to find the author, they DO prosecute them. It was just in the news that they found the author of the Blaster worm (I believe that was the one), and they did arrest him, and they are charging him with a felony. I forget exactly what they are charging him with, but I know it involves the estimate of some billions of dollars worth of damage (which is probably a major over estimation of the true costs of damage). That means, if convited, the guy will probably go to jail for life (or a really really really long time). That does of course bring up another topic which we don't really need to discuss here... that is, should a person get life in prison for releasing a computer virus, but someone who commits murder gets only 20 years with parole in 10. >Now regarding your conclusion we need to teach the kids technological or >academic stuff in priority over training them not to develop and spread >viruses I am in disagreement. Although I'm certainly no expert on the education system, and it sounds like you have WAY more experience dealing with convicted criminals then I do... I can say that we can teach kids all we want about not writing computer viri... and it probably won't make a huge dent in the levels of them. Most of the authors need fairly decent programing skills to begin with. The level of skill it takes to write the initial virus means that the author is probably well aware of the kind of damage the virus can inflict. But that doesn't stop them. Its much like Dave's graffiti analogy. Do you honestly think that all the kids who spray paint their name on a building don't realize that what they are doing is wrong? They are probably well aware of it, they just don't care. Maybe that is an education thing, maybe it isn't. (It probably couldn't hurt to better educate them on morals and ethics). If you REALLY want to put a stop to it, maybe what we need to concentrate on is educating the admins out there that MS Outlook are very poor choices of email client. And maybe someone needs to file a lawsuit against Microsoft. They have repeatedly upgraded Outlook and Outlook Express, and Windows, and Internet Explorer, and yet have still refused to remove the simple ability to run a program without the express permission of the user. Stop using MS Outlook, and 99% of the virus problems we have will go away. But no one seems to want to do that. Instead they want to waste "billions" of dollars (by the estimation of whatever group plucked that number out of the air), doing an end run trying to stop the virus after it has started, and then go after the person that wrote it, and then educate people not to write them. Rather than doing the, in my opinion, logical thing of simply changing to a different email client, and letting the whole thing stop by itself. -chris <http://www.mythtech.net> ___________________________________________________________________________ To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>

