Why virus writers get away with it

Last week, the Internet was hit with a one-two-three punch. Two so-called direct Internet worms, MSBlast and Nachi, tied up Web traffic while the fastest-spreading e-mail worm ever, Sobig, slowed e-mail communications. These worms cost each of us precious time; our lost productivity, in turn, costs our businesses money. Yet the chances of prosecuting, or even identifying, the person or persons responsible for these worms are pretty low.

The first problem with bringing virus authors to justice is that they work very hard to remain anonymous. One way they hide their identity is to release a virus onto the Net from a public terminal at a university computer center or copy shop. While digital forensics could later establish which terminal sent the first copy of the worm, forensics alone cannot identify who sent the worm. Unless another person could identify the individual who sat at a particular computer at a particular time, it’s virtually impossible to find someone to prosecute.

The second problem is that, even if you could place a person at the terminal, it can be difficult to prove in court that he or she was the one who wrote the code. Many virus writers go to great lengths–including destroying their hard drives–to get rid of evidence that might aid prosecution.