Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Euro Cops Catch Suspected Botnet Operators



 By: Matt Hines
2006-06-27
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Law enforcement officials in the UK and Finland have arrested three men suspected of distributing malware code and running a botnet network.

European law enforcement officials arrested three men believed to be behind the creation and distribution of multiple strands of malware code.

The three men are also suspected of having operated a so-called botnet network built from the PCs that their viruses infected over the Internet.

Resource Library:

The British Metropolitan Polices Computer Crime Unit, along with the Finnish National Bureau of Investigation and Finnish Pori Police Department reported that they arrested a 63-year-old man in Suffolk, England along with a 28-year-old man in Scotland and a 19-year-old man in Finland on June 27.

The three men are being charged by local officials for operating a conspiracy to infect computers with malware, and are believed to be at least part of the virus-writing team identified publicly by the name M00P.

"This highly organized group are suspected of writing new computer viruses in order to avoid detection by anti-virus products," the British Metro Police said in a statement.

"They have been primarily targeting UK businesses since at least 2005, and during this time thousands of computers are known to have been infected across the globe."

The group won its name with malware researchers and law enforcement officials based on its practice of leaving the word M00P somewhere in the lines of software code used to deliver its attacks.

Researchers said the name has shown up in multiple attacks, many of which were sophisticated and sought to take over the PCs of unsuspecting people who came in contact with the viruses.

According to anti-malware applications specialists Sophos, based in Abingdon, UK, the M00P gang are believed to have written viruses including the W32/Dogbot spyware worm, Troj/Hackarmy-C, Troj/Santabot-A, Troj/Shuckbot-A, W32/Rbot-BF and W32/Tibick-A.

References to M00P are also contained inside the Stinx Trojan horse, company officials said, which was mass-e-mailed to users in 2005 offering the subject line "Photo Approval Needed," and which sought to take advantage of root kit software formerly distributed by Sony on its music CDs.

The M00P team is considered unique in that most malware writers involved in such organized crimes go to great lengths to disguise their identities, while the arrested men appeared to seek some form of notoriety by including their name in their attacks.

Unlike so-called script kiddies—writers of the Webs earliest attacks who appeared more interested in gaining popularity than making money—most criminals seeking to cash in on their viruses tend to keep as a low a profile as possible, said Ron OBrien, senior security analyst for Sophos.

"Any time that you can find a fingerprint in the code, thats the smoking gun, and we had that in this case," said OBrien.

Study: Most technology companies have data losses. Click here to read more.

"This case definitely involves a combination of someone desperately seeking attention, but who was also engaged in a fairly significant level of criminal activity, which is very unique."

OBrien said that the details indicate that the M00P group may have started out as a non-criminal enterprise that eventually fell prey to the lure of easy cash.

The ability and willingness of script kiddies to sell out to other criminals or cross the line themselves is particularly troubling, he said.

"Were concerned that this type of activity, while it may seem to have a hint of entertainment value, has probably been responsible for destruction of many, many PCs," said OBrien.

"So, if theres a lesson its that if you see this type of behavior or get impacted by something like this, call the authorities, there could be some clue hidden in the code that helps them catch the bad guys."

Sophos believes that the accused cyber-criminals chose the name of their group based on an episode of the animated television show "South Park" on which the programs characters formed a band called "Moop" and debated the ethics of file sharing.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Euro Cops Catch Suspected Botnet Operators
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}v㶲s{̎SnKvlRә9K")1ErmuN~b^Κo*BK;}-R( PxCgo@.U7 teчyƽiv@9AxL&MDMbBa<9F+kh|V{RB[U;R7}RGdd9rT(H`Qʞdnڭc䅠QFE8 /U#n3q I!Dv`4xOGa7PWs,ǃT*KkQ3cufZꙪuH||3@ؾ:雁G]L0Hhz~0[ M%$7 V:\ܪ?yO,ӇwBp ۱e[g:6f5]Gv7񜹭gO]EQIXbEZ'>:O x O LE1n#QTaF,S+F j]CRFZԥRaU ;eG2-hݝkBȊ"IU:Gn8Th;@r: e Uc8j2"A +tn&1џDr,W*bcd"A mjzW`%rM5JQ߸+z^T$%dZCKr ] dXIc/YdY#w;ǃSҹtnotNΏo3do̲5jUQ* J vf#?ޛWg/ݫmnicGV=bF ɟkJ=?_C"XCcؚ`#j !3|;|i?_tOHN(N/ `SmDmZعʑ\RǛaXD͂94o-߶Nf@·- at(k:k45Tf!03`uܼoN49̡蟩$m45pİ/hStعqRMFT:r@@JR~nV(ESeIJ7%DDsv<=rEII 8O9{c7,xj_u&!fu՜Ӆ]WuoY$\zcOZgM{W~XXѮnvZM(q:*no:*J=6wOV)CRQR]UL 0թm!m]ucέy0`hFv~Tgngng͑jۉP'I8hƋm<:7UH/BA.> wn]?&: pn3w9&zTD۠h&r<$U'ʦMf@Bs#08wɽ 5 Qn0R}a !qj !Txs5DSo  ќVURG&\36tVd\KQo Ч2 %AW$@!-i]R@Az6: -8,rr ޑv\.%rP.o=ՑpL\.?Kh3aGE,n^ $ d:g2IMiM-&x6r"e.G @7Kᅖ6FlY*I EWja$ LX,ՙxnZ:i &N@NU0O(iH\U}ԘsԟxFK@uo:\f3,3-5{05`bDz@ 2UMhLSS R f?{0-#$ 7uEVu]4yTXhw% 3Ͱ&Sq8+owzfr=*SMrfsSږiMc6U\gsFPB/S2 L_&AB5 6d:$Wt';oW d4ݤ|rei*T{`͙9 Fh< U7p=1:3m/f$)`b\uΖMkͲT݈^ӛA| R[k! M2L ㍇Zg:+_iihHCumŹfXGJMʆɣEz҆CTCF 4|3ö/Y(OG,-s9VV$a6sGW@@@7h$Ϻ`*3]0P.m^GgV7y9xI>Xvt.>um0TNc|0ː ;u :EװDؙ\{ܧmQJhx-E\84[)0{ gб3Tbea?묮 {U[\q6n:VGa!՜hRF ñihi-6ӞH>LZ`!?T$'iϩ#YXTر,!0}2l:#GQڮ>-L.M{ \i pf o>U< ıLUbET88l]7,՛Xe;9pM9~ :AS.cfDL3 A@OTIC'hk5.}C8U*y;P"Um\)ҧpG,^\~PG>BUK@gV- -YSjn3 ;|Toҵ@%KDFCipӞrJVqUB濙?O=~ԪbV=M "j$WU߬ Ls1Ô)R3khǡ3S翂;u 3mhͶ>gTq7t~ ԧn!ꂺשXTe10fW#s.I+$#@v*'L.ܠ 7K=v? ksw q%`EQ_͑<[7)`K19R2aKYbMRd៪R vUtT# $`S tEIMҞΩ!uW:+ô)Z+::>j瞏k5$*Xw ҚD?̴&m~]ܔjVkk=m`7fڅHB*Gdd%|=oR۩x>GuR{PDKݜ6m"uy絁rSLѢYCҐ"*L:޼ ?2˙r dZKp|]av^JreH˷"gfܪ o鸙 Kǃ^_ˊRNS387 epvN{57us0X3j~5086( LBw1lO1A^%k#[J}[TߴxbNw x fΌpzliv*0΁MO,U*E0=k@"WAR3J㚚/sOi3y>FVdY2QA̩5YZBW}X"ml\☚Bl'K%my݊58i3 -S`eS* ~f^`.RM4 4_DDn GQ>N:J&2o榒fn$g#%O.&-U*RX]HSAJg r\d?.CRu;qs m\џ:~sɖBy_KpLCt4܊3fNjZpc4A48&<`ԤA#1@E1 w܆cyITvZZqR4t87)*tw5ڗ݋OGxGU_AwuD(Dy}> ﵲJ^iipU^v~9"UozNe}M qޢoSRfB,&8 b:$LTKu{^auhoô 0խxҤHOyD=!hvgL;lh!/ c<8tvB p%qU=C٠ihM{k*O# V `!w>Bf I 1`=` n)Lb/z$h0kC'KQW2RkIAؔN;'6c D69FWxEɉ })$:,c>_ѯ8ʆ=?\3Z9ntHzdLlprj_tEQrzo4/J_O"Tc8LM]7SB9k)?E[DiLӖ'6ݳB[QqB8{7!m'iiR[TK4tJ)SBt (2HqPU6,O,'e=lHPq)KB)h%OIS9u>J=[uj{@İ&{6wgV%;HFë ;] Vi3_Ә\btODY+oyR|}iGJ^IjpVKM^Go4@:=Na.O\/ {gWNz*6g؍D;5u;2Q =dfP[_iL.tPo![m:]#޳=tW z-Qզ}luDaK6;q=zc/{~\AfqwOɭ2sXs\JSw4U_xr1N{O,ʼn3SM!=rŠsCW砆qW$U :tzD/ sϾDM>xua*uǣAlޜT`⹕x?vFCS]c?I^{iNiimUf0^لkH ^ݍD_-""NARn/ߍL9zd Gs He3D?ye1>޾3C]pbW?h@7X4q7TCSy[ƺD&qekEwWEKT7qzuYZS@b%y#GFm"jFc8e]SgP~1aM'LQ@/u,zxs*CBf#?U9j?Gs$;grЇ' -$T4x t?|7t5%pRx15y(1h4R o7lhr[vm7\9j>c \,0eLWNk"V#yΟc((c L2ȱc~mI~e4v_T cZXH;L z.$ wo,SO\bMZޣEQXKjjW˷v**6|cfڰ4{#rw tl "TT{ױ9^[2t~1=Giƽw o[RI';, A=v;"&3 GL\,B{Yj'4a)ch77PWyJ|c/ᒠA䖜xpS? cGRV>>zF<$GoE΀X#p&J1s"BA&1Sb9(|q ܞ]KDPiYm!ⳚPhRPq r9FSV>8V1D(d܀ѹ&(r:372_pC%ǝ%9YXƻ2 ٙzIUI>YJD ]b D)10fPjzU.;a(+f.dJ- <=5Ɉޤx]B0%ǀ/C:]pI1X^p}J*)7N{.}ii.BčpA7$vO%]ѰXp k t#> !7OUY.֓M=}NƴeBN+N:M֛YqeM30S;sNN@qpbֿ(xȕ n0ҽotDAP"p!Z2~״t+Rtd)C[ۗ]}!xtHREA*`)g4_\MjmpւRSvt ImJms63*Ui U %Jm30qO]"ڶP|-~w\Zja,9 c@3p"n j |"C(!Qp y. Nw⡪ )5^.cKPބkϼYiPg` g8BTL  I!0I LQ{J(̯O('DU+:M? 2 M@rsr茅DBd8$$ $}rQFg%$ɳznO-U^n`HCt# S butP⛌n=Zߋ]IImǴ5;Ȋ *`Σk9f |g=h~G uG WV뒲f5 cÛ B aHʰ 6c|&YHҥ̊;qhj&+*n nb~#<"1111j=J^S^1k8=#@s+Bo4sK`e]DO*L,mݡOT,Y3lFC#1XTosg;O 1z_D <*gWݒW_qz]T2芡kc3|U/tų]6 !qI%&ٮӭ]Jo H4B'܅8Aw$@x6GcյWimrJ_`˜#`cD.ZӈnpùM[[r_J;LgؠЦ_hO;ic0F§B`_ޙ*h=ޖj̈́o+8!dnz]ÓoZ6 g- q_IgK*v*%T_[ezoXKwܻ*΃/- S?|0t;JhU CCy {Vf&?㛤iiiiii,תilXӃĂ*XilչNI{~+gV/6q/\[H8[o%(ü*&Xê_ ?ۑ!d7[O<CB , VCe,Ix:?߈Ǻ8ź_$ohX^kRgikS 9{$)8 ]9o䌼MO[[uQe x)k:sK-Gnala)ڔ M79V}lmS^zt;oՅ }g⪏5+H_V~3Q[+Ibaw \kow-~"v7 _R:7 >((5shC?c!͍L MsAٶ;h`+@mU,->Ų ]͸򃧺Yesm%63wV¤dҘaY_ɮGbp4bɩy ( FRceĆYa+Iqlr?OEdD<jr{5h`p3x XVSpU:za~yc6i';/AVݹϫx)^x3Ł`EVe-+It')^4|VdЋgH<$q1P=S=JEQA7D ũ?пHGnCv(X:7K~cVxrMvE5Wq{+ Zih|!3bvOudE&kyxo4a3@aIDi;4=S\0+,[o01 7.F\H?I ѵ#>>EϛBU6^oWL77_gg\Wง$e&:BDa0DK 2,{CO$T*Dz 㻽9&'zÊUFs~bPZLF+L]!/H!/DH_na {N& @$>s>ښrI|m @j!OJ# a)p.d1!>wˢ 9̃ri9(iLʃx3Zz1lsϩєh,v WȥpL1yT*xzz_BtIkb".xf`˥5fL|8P;qQ:'0*BMQ*Z!ѤFm'ZJA9el9b_5#lzYC 'B/k&pZe Ǿj L>Y8Ow| 􄼥ެtoO%iѩ,վ[瓏|MYkE8a јKbJ\mcoZ+miy6H'ܺz1ý( lR%R\]XOC)JeR55g,:@8\SR+`{ 5m/^kQ }jkFK*q<ÖAH3c}XC@/0޻K{YV^@96ilnGȩ1sh&nݕt\NufϋTB}F =/նW멞ޞ[< BYYljm۲,Wn5RK$U%n'S9Wm6Ca N@E"黆f8TJ筄_D JzV=ligeJ \0]ta7L_ňVR>fD9mǦf,OByY2Ƅ1R,6$Ae ȃ5T?𜝮z~n+JM4[Y![q6g;R5-2hg3o‡ɀՄ^P>' :{~Q:Te|@"?{x d>M(q1IGgB?xN91K= oL{r qʉo(r8ֹIz# b ɛ,i|#3FhX0\' ^m3tnȈp樯MdC:}GLoC70Zh31:fldrBD ]T\Afh=So]z.p٥Moaqh X?1a)]WGr65C13]|w5;?\TxHU>h\`3V-1Ȩh Q HxD~S&giByX4?YC)C~}s< =wp%㱁gƄ0m͚1;mHCDkؚq] <${k*(/q5E bb{GTƩ; 'y_$)'NFU3DqU@q+LB͂z‚B|~H¬!2F?1J3# h_𙽹AgF0usX'(S[x.“pyu6we~tldxdf,5<ɖCGͪ$G71R=`C~\b @s!Z;ZQB<䱤Pl<^x7X/n g<ݯd?ݩ"{xC%1Qo&Wr5 SR\vEX &0rVg<񆾁OGB"X*=iBR(/ / x;*uo_7C|y0[W_,tUn0_]?&7S.wpyk;ُGkwv2kSյC5Afп~%s""M\L~}vhvxCo2Q2 5üEYR7`Y~8-hҍas;DS vH}1nD{>k'K]M~ςoDT)0F %0 dH==i<_h܍aqt5PC9jhN_qåzON|7q X>,4IΝJIQJr~˕jZ5Nn70k~2aYeIjbo9RR`"8 T:QȀFuo*K0+=q͐E1V(B8&LCH`czmcXڬxY%!:7i5@) ?8P2b/uqT|Ds@.s_>b2R ^Vٍv"҂yhp䃿 t088i;Ìc߃z~4@{4DkO ʰx7c^}F.U7sW˦=}`\x$x ˦Uȹj*՞/knjw:Kƈ DEKIf.ɑp .K-{w~"O(s1->rg }GсCȤ|'OBΉq:?#[Sh'փMwkc5f]Ӧ" ďϑaSޣw 5hzPmhd9@k cPښ191f3Γ8LW¿rˏ§>T#^c0.?f5V}qfkv9uƝ)Z7<"d`WNM_3Tf¥Md.^E⟐'N"L0ӟ)ȴY&b5b P|_A0#}!餿Lx +˄MEZڣm^+%:I㿆&RvƟ)9Fsx2h`=G(gѻl`\,"#QˌXMS{Zj*q9w I3,N;6hxbFtN[a&^SN-N:z"v'xoM"m4hPNP"quă!31{L% ( Eh^a n=#ID/n˦uMfβR$^@*S*aȹD.v R=m*t ʢ1?0?x$ >,Dʇ95O\`N]P`*3,`2d̴U[P4 um'#8B>ؾmQ޺bO66x}ij; +C&:;Outם@3 d97 _ }b:!A]=ۭ^!0^p,\ dz0Fṕ!hs#Q%` <[cJˍt/AKl2>WԷ @FODP7"y.g͙J&Ѯҩ,1Ał?qL#iC9 3|&u@yvDPvY'mm<^|c[潱%X0{nGOfyMŝ!Ю\WŔ+.)tO˰CNtNE/J^zXݿ&gsp4JѺ N7"`a|A@ZYs N $ <{U #i%/+`j7nMywwz:7{ *kW46* <:-o-@>0[?̋ϐ{ʾb16 ^f+>l g)dԅ2 !^xYu~ҕ^xDq1zLb5=E"O%6`G9a4'tu KтFr`N*Ͻ- &O",-]8SG >6z"`X!%ӫrX:}:x{ej =5wS?K#g= `5>gvC%z>oaX0~v18i&eihc 1g<Y4 v 0\>2_~b:0 ܂Lf'Z'p_M`{cX,Kr=Q!})@5Xk<HT=A@;U+P c'njDTH]AY>7s`},i6IB,0) h40=} ^;ؗ<R H+jVz}i6t} 枝 p)H0\=,J>1C9GT3s$Nm;+4H#QȴE|CZ~%]^*znVRU ~R8֢KJgQ5UR%.~ޑb/xČGCo8{,!~J<+Þ"fc@GH$'̜ςz/j[&5Ʀ Lwf 5NK'^h.ZJKT@MK}:8Lc3%V@o"써nBKw!8'0~UJ[tWFQOPYi$ބc_x94҃H_fa:f/|.IEe7,T_Fa+ %.h->]1t68j8/x `h. AwdMT-z3_ ߁@Tzt >D yFPpdH,8Am`[}2w1R!Zv߳-2H9$|j$&ՂuDpGM9ާ:0#7og#VQrlapT[*"MNI4|G џnT~B2`jjcb/uv\VbHwI;\"p3-K+~Wg4Qdf@:s=nPWGyqyn@`̻yxjX#z+-hܘL˦6 `Ȥ_/GxovBȡ!m%*y4|NȧTGv9Ԋaع(#яř};m=bz+Ҏ*ݥt]@ `7ᔊ_x '(2,AA„r2珽Z(:?D" %\  @TɑH ŸY;L~|g y<<<-b*3#r/i}An(ŧ|6ci`Oxx ;n]f%`_ mUhIY_QOۢؼۦz 'k7!Ycb di*/ξ0kMsW8<Ǜ9) l3zj $U*jF'+T+x8 u娟ʳlf#IM[D &5 Ǧ''ޅKQ`;}cB$<*5NM81/׸&'3R