Slashdot Mirror


Phatbot Author Arrested In Germany

Tacito writes "After arresting the author of Sasser, the German police claim to have caught the author of Phatbot. To read the corresponding articles on Yahoo! News or Heise (use babelfish)." jm.one adds a link to an "awesome Google translation" of the Heise article.

16 of 190 comments

  1. he is also responsible for netsky by pinky99 · · Score: 2, Informative

    say some sources (www.heise.de).
    this is subject to a press conference to be held tomorrow.

    well that's somehow impressive, which should not mean admirable ...

    1. Re:he is also responsible for netsky by JPriest · · Score: 3, Informative

      Can't you people get anything right? The Sasser author allegedly did Netsky.

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  2. Re:Germany is Busy! by Florian+Weimer · · Score: 4, Informative

    No, Phatbot (or Agobot, which seems to be the more correct name) is NOT a Sasser derivative. Recent Agobot versions were extended for attacking Microsoft Windows machines using the same LSASS defect, but this doesn't make Agobot a derivative of Sasser.

  3. Phatbot is not a derivative of Sasser by httptech · · Score: 4, Informative
    considering Phatbot is a Sasser derivative

    Who told you that? I've analyzed both, and there is no relation between them at all in terms of code. The source code to Phatbot is public, and the compiled binary is around 250-300K as opposed to Sasser's 15K. Maybe you're thinking about Phatbot being a derivative of Agobot.

    My writeups of both can be found here:
    http://www.lurhq.com/phatbot.html
    http://www.lurhq.com/sasser.html

  4. Re:Freaky... by Vlad_the_Inhaler · · Score: 4, Informative

    According to the article, there *is* no connection between the two. Phatbot was developed from Agobot.

    US Authorities apparently provided the tip-offs in catching both authors.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  5. tipped by Microsoft Reward program? by S3D · · Score: 2, Informative

    In google news: HANOVER, Germany (Reuters) - A tip from reward-seekers and information from Microsoft led to the arrest of an 18-year-old suspected of creating the "Sasser" computer worm, German police and the software giant said on Saturday.

    Spokesman Frank Federau for Lower Saxony police said police were certain they had the man behind one of the Internet's most costly outbreaks of sabotage.

    "We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it," he said in an interview with Reuters Television.

    It was the lure of cash that proved the man's undoing. A group of individuals from Lower Saxony approached Microsoft on Wednesday inquiring about reward money should they turn in the man. The U.S. software giant in the past has put bounties of up to $250,000 on the heads of other notorious virus writers. Microsoft general counsel Brad Smith told reporters the company agreed to pay the informants if there is a conviction.

    "They did not stumble upon him through technical analysis. They were aware of who he was," Smith said, declining to elaborate on their relationship to the suspect and saying only the number of informants was less than five.

    The economic toll of Sasser may never be known, but it claimed some big scalps, including Germany's Deutsche Post, Britain's coastguard stations and investment bank Goldman Sachs.

    "COMPUTER FREAK"

    Federau said the man, who he described as a highly intelligent "computer freak" living with his parents, was arrested on Friday near the central German town of Rotenburg but was no longer in custody.

    Authorities and Microsoft said they suspect the man created all the versions of Sasser, adding he worked alone. He is also believed to be a main person, if not the mastermind, behind the Netsky viruses that have been plaguing Internet users since February, Smith said.

    All the man's computers were confiscated by police, Federau said.

    Since appearing one week ago, Sasser has wreaked havoc on personal computers running on the ubiquitous Microsoft Windows 2000, NT and XP operating systems, but is expected to slow down as computer users download anti-virus patches.

    The computing underground responsible for hatching worms and viruses has proved a difficult ring to crack for law enforcement and security experts were surprised at the rapid arrest.

    (Additional reporting by Bernhard Warner in London and James Mackenzie in Hanover) © Reuters 2004. All Rights Reserved.

  6. Manual Translation of Yahoo Article by LucidityZero · · Score: 5, Informative

    Please note, I am merely an American German Student. Any native German speakers are welcome to correct me:


    Stuttgart (AP) - The presumed programmer of the computer worm "Phatbot" was apprehended this weekend: as the state criminal police agency in Stuttgart and the responsible public prosecutor's office communicated on Saturday, an unemployed 21 year old was arrested near Lörrach. He admitted to having programmed, with other hackers, the Trojan "Agobot", which was later renamed to "Phatbot". There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen.

    The authorities searched for evidence on Friday, through the apartment of the suspect, as well as five possible accomplices in Baden-Wuerttemberg, Niedersachsen, Hamburg and Bavaria. Numerous documents as well as computers and storage media were confiscated, and would have to be examined further. References from US Authorities helped provide evidence for the arrest of the suspect.

    The 21 year-old had already aimed attacks at US and British companies in 2003. The companies concerned were offline for several days and suffered damages in the millions. Also in Germany it was indicated that the suspect penetrated company computers. Aside from just the criminal consequences, substantial compensation demands may be made.

    The trojan mentioned is transferred to unsuspecting computers in order to take control of them. The initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".

    --
    Sig.
    1. Re:Manual Translation of Yahoo Article by jschrod · · Score: 3, Informative
      Quite good translation.

      One correction, though: The German article said that "Sasser" was used to spread "Phatbot", not to develop it.

      --

      Joachim

      People don't write Manifestos any more -- what's going on in this world? [Frank Zappa]

    2. Re:Manual Translation of Yahoo Article by Anonymous Coward · · Score: 1, Informative

      I'm just some German and therefore not a native English speaker. Some suggestions I have for the translation are:

      References from US Authorities helped provide evidence for the arrest of the suspect.

      References from US Authorities helped find the suspect.

      The 21 year-old had already aimed attacks at US and British companies in 2003.

      This sounds to me like it is already proven, but in German it is more like the prosecutor believes it was so. Otherwise he would have been charged in 2003.

      The last paragraph is more like a general explanation about trojans.
      So:
      A trojan is transferred to unsuspecting computers in order to take control of them.
      Would be better I believe.

      mfg

      X3K6A2

      me@x3k6a2.net

  7. Re:Phatbot capabilities by Florian+Weimer · · Score: 2, Informative

    More details at: http://www.lurhq.com/phatbot.html

    Note that Phatbot, as described on the page above, is mostly a failed experiment. That version uses WASTE to create the botnet, which is far less scalable than IRC. WASTE simply wasn't designed for the large number of clients typically in a single botnet.

    Apart from that, Agobot/Phatbot/Gaobot (or what's it called today) is fairly nasty. Some early reports from March quote numbers which suggest that between one and two million hosts have been compromised, and the bot is still very active.

  8. Re:English link by red+floyd · · Score: 2, Informative

    That's cuz Slash breaks it up to avoid the page widening trolls.

    Here's the link...

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
  9. Cuckoo's Egg by joel_archer · · Score: 2, Informative

    Clifford Stoll's book "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" details his encounter with a German hacker in the 1980's. It was the book that inspired my interest and career in computers and eventually as a System Administrator. In 1990, Nova made a documentary about it called "The KGB, CIA, Computer and Me".

    What is so ironic is that at the time the FBI did not even consider hacking a crime because Berkeley couldn't show a sufficient monetary loss. This is despite the fact that the hacker was after military research. How times have changed! In any event, with Stoll's ability to use his scientific training as an astronomer, his basic knowledge of computers and programming mixed with a quantum of social engineering and a massive honey pot, he was able to trace this hacker back to a KGB agent in Germany.

    If I recall correctly, instead of being arrested, this hacker was found dead in his burnt out car in the middle of a forest somewhere in East or West Germany. It's a great read.

    1. Re:Cuckoo's Egg by CAIMLAS · · Score: 2, Informative
      The Cuckoo's Egg is one of my favorite books as well. It inspired me to interest in computer security via scientific method, just as it did you.

      I'd just note a couple things (I re-read the book a couple weeks ago):

      It took Stoll the better part of a year to catch the hacker in his book. It was really quite an amazing find, too, considering the number of dead-ends and various connection hops that the hacker took to get to Stoll's Berkeley machine.

      The actual hacker was not the one that was found dead, it was his accomplice, who was heavily into drugs and more bent on the 'illegal' side of things. The hacker did his (relatively short, by today's standards) prison term, got out, and started a computer business, IIRC.

      It's interesting to note that, considering what the hacker did, he would be considered a terrorist by today's standards and swiftly brought to the US for a trial - if he gets that much. He was deep within military networks with material that is essentially classified now due to changing classifications. I'd argue that back then it was industrial/military espionage, but it doesn't seem to have been considered as such in the trial.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  10. Interview With Clifford Stoll by joel_archer · · Score: 4, Informative

    After posting this thread, I found a great interview with Cliff.

    Some favorite excerpts:
    "The hacker. The speed of light. The beauty of constraints. What is about Clifford Stoll that arouses such a need for conversation? Cliff Stoll is a lunatic in the sanest sense of the word. He doesn't so much present an argument as digest it with his mouth open. It's not pretty but somehow it works."

    "The lab's computer chargeback system had blown up because it could not account for 75 cents of computer time. It took three years for Stoll to prove that a spy was using the computer as a launching pad through Internet to hack at hundreds of military, industrial, and academic computers in search of secrets for the KGB."

    "My friends accused me of being co-opted by the State. But I didn't exactly feel like a tool of the ruling class, unless imperialist running dog puppets breakfasted on stale granola. My guts told me that the CIA should know and I ought to tell them."

  11. Re:So what is illegal about it? by Anonymous Coward · · Score: 1, Informative

    Source code is speech, right?

    Germany doesn't have a constitutional right to free speech in the same way as the US. There are some laws that address the subject, but they don't go nearly as far as their American equivalents.

    A good example of this is that, in Germany, denying the Holocaust is a criminal offence.

  12. Re:So what is illegal about it? by Lars+T. · · Score: 2, Informative
    Well, if you had actually read the description, you wouldn't have missed:
    [...]as it spreads from system to system.

    Can scan for and use the following exploits to spread itself to new victims[...]

    It's quite obviously a worm.
    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck