FBI watching Oracle-SAP trial

IDG News Service - An FBI agent has been in the courtroom each day this week watching the Oracle-SAP trial, suggesting U.S. law enforcement continues to take an interest in the case.

SAP said in 2007, when Oracle filed its civil lawsuit against the company, that the Department of Justice had requested documents related to the matter from SAP and its TomorrowNow subsidiary. SAP said at the time that it would "fully cooperate."

In a court filing in August, SAP said there was an "ongoing investigation" by the DOJ and the Federal Bureau of Investigation into "some facts and circumstances that are involved in this matter."

Oracle originally filed 10 complaints against SAP, including copyright infringement, violation of the federal computer fraud and abuse act, breach of contract and unfair competition. It agreed to pursue only the copyright claim at trial after SAP accepted some liability.

It's not unusual for representatives from the DOJ or the FBI to listen in at civil proceedings to learn more about a case or help them determine if they wish to file criminal charges.

"We have an interest in the case," the FBI agent said in court Thursday. He declined to comment further or provide his name. A spokesman with the FBI office in San Francisco would not confirm or deny it is watching the case.

Kyle Waldinger, an assistant U.S. attorney in San Francisco, was also in court observing the case this week, Bloomberg reported.

SAP spokesman Bill Wohl declined to comment beyond reiterating that his company would cooperate with any requests. A spokeswoman for Oracle declined to comment.

SAP has admitted that its now-closed TomorrowNow subsidiary stole support materials from an Oracle website, and the trial is to determine how much damages SAP should pay.

Charles Phillips, a former Oracle president, testified for Oracle in the case this week, and Oracle Chairman and CEO Larry Ellison is due to take the stand Monday. SAP will begin to present its defense in about 10 days, and the trial is expected to wrap up before the end of the month.

Conficker Worm's Fury unleashes on April 1, 2009

The Conficker Worm has been harassing computer network security administrator's for months since it climbed out of the internet underground sometime in 2008. It is about to get a fresh update on April 1, 2009 and security officials are bracing for the impact that the upgrade might have.

Before we get too far you should know what a worm is. Here are some definitions to put it into perspective.

Virus - a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

Trojan Horse - a computer program that may be legitimate but has secondary illegitimate objectives. For instance, a computer program that lets you burn DVD's but also opens a backdoor in your computer to let a hacker get in and control the computer of the user.

Worm - a self-replicating computer program. Unlike a virus, it does not need to attach itself to an existing program.

Though they sound similar, they are considerably different. Right now the Conficker worm is tearing through the internet and business computers like the sands of the desert planet Arrakis (Dune). It has infected as many as 10 million business computers with many high profile computers noted such as French Air Force, Royal Navy Warships and Submarines, Sheffield Hospital network, UK Ministry of Defence, and Norwegian Police. It has also infected scores of individual users alike. A simple action such as using a USB drive on an infected computer and then using that same USB drive on another computer will be enough to spread the infection.

The problem with the Conficker Worm is that it is ever evolving, meaning that it gets updates from it's creator(s) periodically so it's always one step ahead of the security "police". For instance, at one point (when the worm was first detected) Microsoft (MS) released a patch to fix the hole the worm was using to wreak havoc. Then shortly after, the worm updated and found a new hole to use to infect systems. What's worst is the worm uses a different site to update out of a list of 50,000. To say the least, security experts are impressed with the Conficker worm's ability to adapt and lead experts on wild goose chases.

What's interesting about this story now, is that the worm has stopped spreading. It is becoming more defensive in nature. Instead of finding ways to infect more computers, the creator(s) are taking measures to ensure that the computers that are infected with the Conficker Worm, stay infected. For instance, an infected computer may not be able to install any anti-virus programs or go to any anti-virus program web sites. It's as if the creator(s) want to protect the worm's install base by removing the worm's ability to replicate itself, which would suggest they believe they already have enough infected computers to accomplish whatever they are planning to do.

Though the worm is believed to have originated in the Ukraine, no one knows for certain. MS is concerned enough about the damages that may ensue (or have been caused), they have put a $250,000 bounty on any information leading to the creator(s) of the worm. I have never heard of a bounty (or such a large one) being put out for the creator(s) of malware. It's interesting to see where this will go.

The bottom line... IT security experts are reluctant to say "the end of the world is at hand", but the worm is set to update on April 1st, 2009, with unknown consequences.