Phatbot Author Arrested In Germany

Tacito writes "After arresting the author of Sasser, the German police claims having caught the author of Phatbot. To read the corresponding articles on Yahoo! News or Heise (use babelfish)." jm.one adds a link to an "awesome Google translation" of the Heise article.

Germany is Busy!

[mfh]

Germany is really cracking down today! Either that, or perhaps the Sasser writer gave up the Phatbot author? I'm guessing that one arrest lead to the other, considering Phatbot is a Sasser derivative.

Got Evil?

[grub]

I'm still waiting for the day that one of these things wipes out the infected host after X hours/days. Ebola spreads fast and kills the host, why not a virus/worm?

I'll laugh when it happens.

Re:Got Evil?

[grub]

I never said it couldn't happen to me (in fact I'm writing this on my Win2K game box). Any system has holes but once wide spread carnage hits the Windows world only then will Ma & Pa Kettle give a serious look at other more robust systems with less holes. I don't support Windows for family & friends and rarely have to touch it at work so I really don't care. I think it's tantamount to having to smack a dog on the nose with a rolled up newspaper to train it not to keep shitting on the carpet.

Re:Phatbot capabilities

[glpierce]

Isn't it also possible that they just strung together code from a bunch of worms which did each of those things independently?

Re:Real Justice

[Mudcathi]

"If convicted, they should force him to work end user tech support during his jailtime."

Yeah right! Convict tech support: I think we can help you with that problem, Mr. Customer, but first we'll need your user ID, password, and a valid credit card..."

Re:Phatbot capabilities

[mcrbids]

Phatbot is insanely well-written. A while ago I read a web page about what Phatbot can do:

Well written != capable. It's perfectly possible that this is just a bunch of exploits strung together, but that doesn't necessarily make it cohesive or "well written"..

My $0.02 - well written or not, it's a nasty bugger.

-Ben

Re:Is there a connection between Phatbot and Sasse

[AllUsernamesAreGone]

Amazing as it may seem, not everyone who is out to do damage is part of a terrorist group. No, seriously! Probably only 0.5% of your average doing-bad-things person is a member of a terrorist organisation. I was as shocked as you are, it's incredible! All these people running around causing trouble without having the decency to live in a country you can bomb. I've found that you can actually travel around huge areas of Europe without even running into a terrorist, even in France!&lt/sarcasm>

Why exactly do they need to be funded? Ever thought that they might be doing it because they get some deranged kick out of it, or so thay can brag about it or simply because they're sodding mental?

So what is illegal about it?

[hanssprudel]

From reading your description, it doesn't seem like Phatbot is a worm at all, but rather a trojan worse / remote administration tool. If all the guy did was write a trojan horse, and there is no evidence that he himself has been using it on other peoples machines, then he should not be under arrest. Source code is speech, right?

Bets are, that on The New Slashdot (tm) - you know, the one where stories about DMCA attacks are full of attacks against the coders rather than the company (Apple!) - this story will be full of people commending a the arrest of this guy for nothing other than writing software...

Re:So what is illegal about it?

[Tim+C]

Well, if all he did was write it, and someone else let it loose on the net, then perhaps he shouldn't be under arrest.

On the other hand, I'm having a hard time imagining what benign uses this thing could be put to. With DVD/e-book decrypters/rippers you can claim fair use, with port scanners you can claim that you're testing security of your own network, but with a worm? It's designed solely to infiltrate a host and spread - I can't think of any benign uses, let alone significant ones...

If you knowingly create something that can only be used for ill, then I think that you should be held responsible for its use.

Re:Too many worms to be a coincidence

[Minna+Kirai]

Hmmm, commit an act of Cyber Terrorism like release a worm into the wild, and just because you do not live in the middle-east, you are automatically not a terrorist?

Wrong! You're not a terrorist because releasing a worm isn't terrorism.

Until the public starts to be actually terrified by computer worms, it's not terrorism. I thought that was obvious...

In the USA we have our own terrorists, perhaps you forgot about Oklahoma City?

Yes, and that was terrorism because, like many other terrorist actions, it featured sudden explosive death. No Windows Worm yet known can cause flaming bodyparts to rain from the sky.

Re:Blah blah

[Feanturi]

I must say that I find it very interesting that people are able to spread worms this fast nowadays. Back in the day it took weeks or months to see something, and most people had already patched the worms by then, but now it's crazy, a worm can propagate to the entire world in a day!

This should not be surprising. Back in the day, there were far fewer machines on the net, and therefore fewer opportunities for something to spread, particularly if it was attacking random IP's, most of which would have been unused. Now it's a different story. Pick a number, and there's a good chance you've got some kind of host there. A nice soft and juicy vulnerable host almost everywhere you stab. That was not the case back in the day.

Re:Is there a connection between Phatbot and Sasse

[ObiWonKanblomi]

Well, thank you for being a total cynic, probably either A) from a country that was stupid enough to follow the US blindly up until about 15 years ago, or B) a person from the other side of the Iron curtain with a lot of tension that is still being released.

"your government"! haha. What country are you from?

Re:Blah blah

[Kjella]

Maybe something for the BIND developers to consider?

Umm... no. It's a lot easier to propagate if you need no hierarchy. Imagine trying to tell the whole Internet about a DNS change with no plan. How many DNS updates do you think your box would get? And the overhead in the PKI system you would need to have to ensure they're real?

Kjella

Re:Blah blah

a worm can propagate to the entire world in a day!

Try 10 minutes. Google for "warhol worm". Be afraid, be very very afraid. If a worm like that had a destructive payload (not just wiping HDDs, but think flashing BIOS, overdriving monitors etc.), the material and immaterial damages would be counted in billions or trillions of dollars.

Disconnect from the network now, before it's too late.

Don't forget diversity

[Prof.+Pi]

Back in the day, there were far fewer machines on the net, and therefore fewer opportunities for something to spread

Back in the day, there were many more types of machines with many different software packages performing the same functions (such as email). Infections spread more rapidly in monocultures, in both biological and computer ecosystems.