Phatbot Author Arrested In Germany
Tacito writes "After arresting the author of Sasser, the German police claim to have caught the author of Phatbot. To read the corresponding articles on Yahoo! News or Heise (use babelfish)."
jm.one adds a link to an "awesome Google translation" of the Heise article.
Trying to revive the Reich by destroying Patriotic American Technology. All of Germany should be held responsible for the actions of these individuals.
Germany is really cracking down today! Either that, or perhaps the Sasser writer gave up the Phatbot author? I'm guessing that one arrest led to the other, considering Phatbot is a Sasser derivative.
The dangers of knowledge trigger emotional distress in human beings.
In other news, German Authorities claim they have caught the moth that got caught in the Mark II. News at 11.
Setec Astronomy
Police Sgt. Schultz said "I know NOTHING! NOTHING!!"
I bet the sasser author rolled over on the phatbot author.
The Doormat
If you're not outraged, then you're not paying attention.
I must say that I find it very interesting that people are able to spread worms this fast nowadays. Back in the day it took weeks or months to see something, and most people had already patched the worms by then, but now it's crazy, a worm can propagate to the entire world in a day! Even faster than DNS :D Maybe something for the BIND developers to consider?
This info was mentioned in the referenced slashdot story.
I just heard this news on NPR and thought I'd submit it to /. but I was scooped. NPR said that he was a "student" and lived with his parents. They said he admitted to being the Sasser worm author but failed to mention the Phatbot connection.
Here's an English language report that mentions a Microsoft connection.
say some sources (www.heise.de).
...
this is subject to a press conference to be held tomorrow.
well that's somehow impressive, which should not mean admirable
Now let's take them both out into the street and tar and feather them... :-)
Got 'em as a result of interrogation. Just like Saddam.
... phatbot author in a phat jail cell behind some phatbars, and that's only because he doesn't know how to spell FAT!
Free Firefox news reader.
I'm still waiting for the day that one of these things wipes out the infected host after X hours/days. Ebola spreads fast and kills the host, why not a virus/worm?
I'll laugh when it happens.
Trolling is a art,
are they hacking from home or something? why aren't they using unsecured wifi or similar injection points?
btw, it's trivial to get a system where you can change your ethernet MAC address and anything else that might be recorded
not bragging about your exploits and working alone would help too, but that's a different matter altogether
Phatbot is insanely well-written. A while ago I read a web page about what Phatbot can do:
- Exploits all kinds of vulnerabilities.
- Sniffs network traffic for usernames and passwords.
- Steal IRC operator passwords.
- Can kill many other viruses and anti-virus software.
- Can steal CD keys for popular games.
- Can steal AOL passwords.
- Can harvest emails for spam purposes.
- And more.
Whoever made Phatbot sure put *a lot* of work into it.
More details at: http://www.lurhq.com/phatbot.html
Also contains instructions to manually remove it from an infected system.
If convicted, they should force him to work end user tech support during his jailtime. Of course, I'm sure some treaty out there would deem that cruel and unusual punishment and recommend execution as a more humane alternative. :)
WWJD?
JWRTFM!
Who told you that? I've analyzed both, and there is no relation between them at all in terms of code. The source code to Phatbot is public, and the compiled binary is around 250-300K as opposed to Sasser's 15K. Maybe you're thinking about Phatbot being a derivative of Agobot.
My writeups of both can be found here:
http://www.lurhq.com/phatbot.html
http://www.lurhq.com/sasser.html
so that they can find out what "exploiting a backdoor" is all about.
http://sfgate.com/cgi-bin/article.cgi?f=/news/archive/2004/05/08/international1226EDT0513.DTL
- Zav - Imagine a Beowulf cluster of insensitive clods...
In google news: HANOVER, Germany (Reuters) - A tip from reward-seekers and information from Microsoft led to the arrest of an 18-year-old suspected of creating the "Sasser" computer worm, German police and the software giant said on Saturday. Spokesman Frank Federau for Lower Saxony police said police were certain they had the man behind one of the Internet's most costly outbreaks of sabotage. "We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it," he said in an interview with Reuters Television. It was the lure of cash that proved the man's undoing. A group of individuals from Lower Saxony approached Microsoft on Wednesday inquiring about reward money should they turn in the man. The U.S. software giant in the past has put bounties of up to $250,000 on the heads of other notorious virus writers. Microsoft general counsel Brad Smith told reporters the company agreed to pay the informants if there is a conviction. "They did not stumble upon him through technical analysis. They were aware of who he was," Smith said, declining to elaborate on their relationship to the suspect and saying only the number of informants was less than five. The economic toll of Sasser may never be known, but it claimed some big scalps, including Germany's Deutsche Post, Britain's coastguard stations and investment bank Goldman Sachs. "COMPUTER FREAK" Federau said the man, who he described as a highly intelligent "computer freak" living with his parents, was arrested on Friday near the central German town of Rotenburg but was no longer in custody.
Authorities and Microsoft said they suspect the man created all the versions of Sasser, adding he worked alone. He is also believed to be a main person, if not the mastermind, behind the Netsky viruses that have been plaguing Internet users since February, Smith said. All the man's computers were confiscated by police, Federau said. Since appearing one week ago, Sasser has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches. The computing underground responsible for hatching worms and viruses has proved a difficult ring to crack for law enforcement and security experts were surprised at the rapid arrest. (Additional reporting by Bernhard Warner in London and James Mackenzie in Hanover) © Reuters 2004. All Rights Reserved.
about this country falling behind when it comes to technology. Rejoice, it doesn't seem to be that bad after all.
When asked for a comment, one German prosecution authority said:
Ich bein ein kickinassenviruswriter.
Please note, I am merely an American German Student. Any native German speakers are welcome to correct me:
Stuttgart (AP) - The presumed programmer of the computer worm "Phatbot" was apprehended this weekend: as the state criminal police agency in Stuttgart and the responsible public prosecutor's office communicated on Saturday, an unemployed 21 year old was arrested near Lörrach. He admitted to having programmed, with other hackers, the Trojan "Agobot", which was later renamed to "Phatbot". There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen.
The authorities searched for evidence on Friday, through the apartment of the suspect, as well as five possible accomplices in Baden-Wuerttemberg, Niedersachsen, Hamburg and Bavaria. Numerous documents as well as computers and storage media were confiscated, and would have to be examined further. References from US Authorities helped provide evidence for the arrest of the suspect.
The 21 year-old had already aimed attacks at US and British companies in 2003. The companies concerned were offline for several days and suffered damages in the millions. Also in Germany it was indicated that the suspect penetrated company computers. Aside from just the criminal consequences, substantial compensation demands may be made.
The trojan mentioned is transferred to unsuspecting computers in order to take control of them. The initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".
Yahoo
:-)
Stuttgart (AP) The assumed programmer of the computer virus has been arrested this weekend. As federal police authorities and the public attorney's office told, a 21 year old unemployed man has been arrested. He has confessed to having programmed agobot together with other programmers, which was later renamed to phatbot.
Until now there is no evidence for a connection between him and the sasser programmer, who has been arrested in "Niedersachsen" (a federal state of Germany).
Authorities said they searched the house of the suspect and those of 5 other hackers (from Baden-Württemberg, Niedersachsen, Hamburg, Bavaria) on Friday. Several documents, computers and storage media have been secured. They told the suspects have been traced because of evidence from US-authorities.
Evidence also indicates that the 21 year old has been selectively attacking companies from the US and Great Britain since 2003. Those companies have been offline for several days and the attacks caused damage worth millions(?) of dollars. PCs of German companies have been infiltrated, too. Besides the penal they will also be sued for high compensation.
So called "trojans" have been used to infiltrate other computers in order to get control of them. According to the evidence of the authorities of Baden-Württemberg the 21 year old used the worm sasser to spread his self-developed and much more dangerous worm agobot/phatbot.
a rough translation, sorry for the mistakes - English is not my native language
Could the authors of both worms be part of some German Cyber Terrorist group?
It seems most worms originate from other countries besides the USA. Could the worms be part of some Cyber Terrorist attack? If so, who is funding the development of these worms?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
First of all, the sasser author was an 18 year old German. Phatbot author is reported to be 21 years old. Do not mix these two.
Phatbot author has not done anything that is truly illegal, at least not publicly reported. All he has done is write source code. Source code is free speech, and the code even has a license.
Sasser author on the other hand created a _worm_ and set it loose on the internet. Phatbot/Agobot is _NOT_ a worm, even though some AV's claim it is.
If Saddam Hussein or the 9/11 terrorists had written this worm, there would have been no accountability for it whatsoever.
who is funding the development of these worms?
Mountain Dew, McDonald's, Krispy Kreme, Häagen-Dazs
hehehe...phatbot
or the riaa? anyways next time I publish a paper I'll make sure NOBODY is able to trace it back to me :)
Amazing as it may seem, not everyone who is out to do damage is part of a terrorist group. No, seriously! Probably only 0.5% of your average doing-bad-things person is a member of a terrorist organisation. I was as shocked as you are, it's incredible! All these people running around causing trouble without having the decency to live in a country you can bomb. I've found that you can actually travel around huge areas of Europe without even running into a terrorist, even in France!</sarcasm>
Why exactly do they need to be funded? Ever thought that they might be doing it because they get some deranged kick out of it, or so they can brag about it or simply because they're sodding mental?
They're members of the "Phatbin laden" terrorist group.
From reading your description, it doesn't seem like Phatbot is a worm at all, but rather a trojan horse / remote administration tool. If all the guy did was write a trojan horse, and there is no evidence that he himself has been using it on other people's machines, then he should not be under arrest. Source code is speech, right?
Bets are, that on The New Slashdot (tm) - you know, the one where stories about DMCA attacks are full of attacks against the coders rather than the company (Apple!) - this story will be full of people commending the arrest of this guy for nothing other than writing software...
North Korea, for example, spends $3 Billion USD a year to have viruses developed. I wonder how many other countries have such a program?
Hmmm, commit an act of Cyber Terrorism like release a worm into the wild, and just because you do not live in the middle-east, you are automatically not a terrorist?
In the USA we have our own terrorists, perhaps you forgot about Oklahoma City?
Terrorism knows no countries or races or religions, it is an equal opportunity employer.
Yeah just a bunch of kids having fun.
"Hey Gunthar, look at this worm I wrote, it takes 250K bytes of space."
"That is nothing Wolfgang, my worm only takes 15K of code."
"Ok Gunthar, let us release both of them onto the Internet and see which one wins!"
"Ok, but afterwards let's brag about them on IRC."
"Deal!"
Considering that only a small part of the computers of the world reside in the USA there is nothing surprising about the majority of software being written outside of said country, regardless of style, application or author's intent.
...one and the same? Though I suppose it takes a little longer for the brain cells to die during tech support...
Kjella
Live today, because you never know what tomorrow brings
Der Autor hat gesassen!
MfG,
Letter
it still looks like German to me!
Well thank you for falling into the rhetoric supplied by your government. You make a fine American, never questioning, always assuming that the evils you're told that are ever looming are responsible for everything bad that happens. 15 or so years ago, you would have been wondering if it was a communist plot to take down America.
"I use a Mac because I'm just better than you are."
Clifford Stoll's book "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" details his encounter with a German hacker in the 1980's. It was the book that inspired my interest and career in computers and eventually as a System Administrator. In 1990, Nova made a documentary about it called "The KGB, CIA, Computer and Me".
What is so ironic is that at the time the FBI did not even consider hacking a crime because Berkeley couldn't show a sufficient monetary loss. This is despite the fact that the hacker was after military research. How times have changed! In any event, Stoll's ability to use his scientific training as an astronomer, his basic knowledge of computers and programming mixed with a quantum of social engineering and a massive honey pot, he was able to trace this hacker back to a KGB agent in Germany.
If I recall correctly, instead of being arrested, this hacker was found dead in his burnt out car in the middle of a forest somewhere in East or West Germany. It's a great read.
Just hang them all.
...the skinnybot slipped through the net.
Sheesh, evil *and* a jerk. -- Jade
After posting this thread, I found a great interview with Cliff.
Some favorite excerpts:
"The hacker. The speed of light. The beauty of constraints. What is about Clifford Stoll that arouses such a need for conversation? Cliff Stoll is a lunatic in the sanest sense of the word. He doesn't so much present an argument as digest it with his mouth open. It's not pretty but somehow it works."
"The lab's computer chargeback system had blown up because it could not account for 75 cents of computer time. It took three years for Stoll to prove that a spy was using the computer as a launching pad through Internet to hack at hundreds of military, industrial, and academic computers in search of secrets for the KGB."
"My friends accused me of being co-opted by the State. But I didn't exactly feel like a tool of the ruling class, unless imperialist running dog puppets breakfasted on stale granola. My guts told me that the CIA should know and I ought to tell them."
Your analogy seems sound. Here is some more food for thought:
Think about the human host and how Ebola spreads itself around through the cardiovascular system. However, in the computer world, when you think about how the cardiovascular system more resembles the central nervous system in terms of speed, wouldn't the entire world be considered one host?
...will probably be the headline in another couple of hours - once the Slashdot mods have finished translating the news from German.
From what I gather there has been a great deal of "exploiting backdoors" going on there...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
Because it won't happen. I have a firewall. If it's a vulnerability that makes it through my firewall, I won't be laughing. But if all you needed to do was turn on iptables with some basic rules (or install a program from someone that's done the hard work for you already), you deserve to get your computer trashed.
I want these people to suffer something a little more than some network outages. Until there's some actual data/hardware damage, they're gonna go right on not giving a damn. They'll run their restore disk every time it happens and go on with their lives. Meanwhile they're slowing the net to a crawl and infecting more of their unprotected brethren. Why are people stupid? Because they can be. I wanna see a virus that makes it so they can't.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It's actually pretty simple, and has the added bonus of giving people a hot-link.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Well, thank you for being a total cynic, probably either A) from a country that was stupid enough to follow the US blindly up until about 15 years ago, or B) a person from the other side of the Iron curtain with a lot of tension that is still being released.
"your government"! haha. What country are you from?
The n-tv article in the other Slashdot article already mentioned that the Phatbot author had been captured.
Robot Hoouuusssseeee!
What can I say - I watch a lot of Futurama.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
and the idiots that use and support them
http://en.wikipedia.org/wiki/2004_U.S._Election_c
Isn't it ironic, don't ya think, that on one hand everyone is "Free Mitnick!" yet on the other hand everyone is "Tar and feather these German virus writers!"
Don't get me wrong, I'm in the "Free Mitnick" crowd and firmly in the "string up virus writers and spammers by the gonads" camp... but why is this?
Perhaps because Kevin was just another one of "us" who learned and didn't really seem to have done harm, yet those of us who have had to deal personally with the hassle of servers being taken down by a virus/worm or of personally cleaning our machines or worse --- losing data or time that could be better spent getting girlfriends or boyfriends?
Bah. So hang the bastards, hang 'em high, is what I say.
The worm had the potential to take power grids, etc offline.
The worm disrupted stock trading systems, organizations' Intranets, government systems, home users' systems, etc. Resulting in a denial of service in order to clean the worm off. Yes it did do damage, and while it did not blow anything up (thank goodness), it did instill a bit of terror into those who potentially could be infected.
While there was no apparent violence, there was damage to systems and a loss of service and more damage. There also was a spread of terror. Many people I knew were too afraid to even turn on their computers for fear that the Phatbot or Sasser worm would infect their systems.
Apparently you support this type of action and think the authors of said worms should be regarded as heroes? Well I do not, and think they should be brought to justice and held accountable for the damage they caused.
The most amusing thing is that the poster probably was aiming for a 'Score:5, Interesting'
It even does Windows!
Haha, I bet that the number of arrests of crackers goes up. And part of that will be because of arrogance on the crackers' part. Everyone thinks that law enforcement are buffoons, but they are as technologically adept as a lot of hackers, and they have the privileges of law to make it easier.
Spammers maybe?? I would love for them to find a nice big list of spammers using his service so to speak.
Jack of all trades, master of none
Back in the day, there were many more types of machines with many different software packages performing the same functions (such as email). Infections spread more rapidly in monocultures, in both biological and computer ecosystems.
Looking at the source code of the AgoBot version dated 3/21/04, the email address "theago@gmx.net" is mentioned to be that of Ago. Of course, GMX is a German email provider, so it would make sense that he was the one in fact caught.
Having had to fix several relatives' PCs that were infected with viruses, I say that judicial procedures are too lenient on these bastards.
Just announce on a website that virus authors frequent to watch a particular webcam broadcast.
In that the virus writer is led into a room followed by many computer support techs, and the viewers get to see the writer beaten to death for the thousands of hours he caused them due to his virus/worm.
A jail sentence is too lenient for these little shitheads. Beat them to death. I'm tired of dealing with the after effects of their irresponsibility. Now to get all my relatives switched over to macs and OSX....
He must be an OSS developer.
tsst
"There is nothing more frightful than ignorance in action." Johann Wolfgang von Goethe
it is that the system administrators did not do that sort of damage on purpose if it does indeed happen. The worm writers, on the other hand, knew what their worms would do and released them anyway. Unless, for some odd reason, the worms were not meant to be released and got released accidentally? I call that the "Morris Defense" after the Arpanet Worm.
:)
Sort of like the difference between manslaughter and murder.
in a humorous manner, it is a personality flaw of mine.
Don't take everything I say too seriously, I am after all posting in character. That character being a Space Pirate from 4096AD who went back in the past to the late 20th and early 21st century and became a computer software developer who is now disabled and out of a job. So I know the future, and am posting based on that knowledge.