Phatbot Author Arrested In Germany
Tacito writes "After arresting the author of Sasser, the German police claim to have caught the author of Phatbot. To read the corresponding articles on Yahoo! News or Heise (use babelfish)."
jm.one adds a link to an "awesome Google translation" of the Heise article.
Germany is really cracking down today! Either that, or perhaps the Sasser writer gave up the Phatbot author? I'm guessing that one arrest led to the other, considering Phatbot is a Sasser derivative.
The dangers of knowledge trigger emotional distress in human beings.
In other news, German Authorities claim they have caught the moth that got caught in the Mark II. News at 11.
Setec Astronomy
Police Sgt. Schultz said "I know NOTHING! NOTHING!!"
I must say that I find it very interesting that people are able to spread worms this fast nowadays. Back in the day it took weeks or months to see something, and most people had already patched the worms by then, but now it's crazy, a worm can propagate to the entire world in a day! Even faster than DNS :D Maybe something for the BIND developers to consider?
I just heard this news on NPR and thought I'd submit it to /. but I was scooped. NPR said that he was a "student" and lived with his parents. They said he admitted to being the Sasser worm author but failed to mention the Phatbot connection.
Here's an English language report that mentions a Microsoft connection.
... phatbot author in a phat jail cell behind some phatbars, and that's only because he doesn't know how to spell FAT!
Free Firefox news reader.
I'm still waiting for the day that one of these things wipes out the infected host after X hours/days. Ebola spreads fast and kills the host, why not a virus/worm?
I'll laugh when it happens.
Trolling is a art,
Phatbot is insanely well-written. A while ago I read a web page about what Phatbot can do:
- Exploits all kinds of vulnerabilities.
- Sniffs network traffic for usernames and passwords.
- Steals IRC operator passwords.
- Can kill many other viruses and anti-virus software.
- Can steal CD keys for popular games.
- Can steal AOL passwords.
- Can harvest emails for spam purposes.
- And more.
Whoever made Phatbot sure put *a lot* of work into it.
More details at: http://www.lurhq.com/phatbot.html
Also contains instructions to manually remove it from an infected system.
If convicted, they should force him to work end user tech support during his jailtime. Of course, I'm sure some treaty out there would deem that cruel and unusual punishment and recommend execution as a more humane alternative. :)
WWJD?
JWRTFM!
Don't you mean tar and gzip them? :)
Who told you that? I've analyzed both, and there is no relation between them at all in terms of code. The source code to Phatbot is public, and the compiled binary is around 250-300K as opposed to Sasser's 15K. Maybe you're thinking about Phatbot being a derivative of Agobot.
My writeups of both can be found here:
http://www.lurhq.com/phatbot.html
http://www.lurhq.com/sasser.html
so that they can find out what "exploiting a backdoor" is all about.
about this country falling behind when it comes to technology. Rejoice, it doesn't seem to be that bad after all.
Please note, I am merely an American German Student. Any native German speakers are welcome to correct me:
Stuttgart (AP) - The presumed programmer of the computer worm "Phatbot" was apprehended this weekend: as the state criminal police agency in Stuttgart and the responsible public prosecutor's office communicated on Saturday, an unemployed 21-year-old was arrested near Lörrach. He admitted to having programmed, with other hackers, the Trojan "Agobot", which was later renamed to "Phatbot". There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen.
The authorities searched for evidence on Friday, through the apartment of the suspect, as well as five possible accomplices in Baden-Wuerttemberg, Niedersachsen, Hamburg and Bavaria. Numerous documents as well as computers and storage media were confiscated, and would have to be examined further. References from US Authorities helped provide evidence for the arrest of the suspect.
The 21-year-old had already aimed attacks at US and British companies in 2003. The companies concerned were offline for several days and suffered damages in the millions. Also in Germany it was indicated that the suspect penetrated company computers. Aside from just the criminal consequences, substantial compensation demands may be made.
The trojan mentioned is transferred to unsuspecting computers in order to take control of them. The initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".
Could the authors of both worms be part of some German Cyber Terrorist group?
It seems most worms originate from other countries besides the USA. Could the worms be part of some Cyber Terrorist attack? If so, who is funding the development of these worms?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Can't you people get anything right? The Sasser author allegedly did Netsky.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Amazing as it may seem, not everyone who is out to do damage is part of a terrorist group. No, seriously! Probably only 0.5% of your average doing-bad-things person is a member of a terrorist organisation. I was as shocked as you are, it's incredible! All these people running around causing trouble without having the decency to live in a country you can bomb. I've found that you can actually travel around huge areas of Europe without even running into a terrorist, even in France!</sarcasm>
Why exactly do they need to be funded? Ever thought that they might be doing it because they get some deranged kick out of it, or so they can brag about it or simply because they're sodding mental?
From reading your description, it doesn't seem like Phatbot is a worm at all, but rather a trojan horse / remote administration tool. If all the guy did was write a trojan horse, and there is no evidence that he himself has been using it on other people's machines, then he should not be under arrest. Source code is speech, right?
Bets are, that on The New Slashdot (tm) - you know, the one where stories about DMCA attacks are full of attacks against the coders rather than the company (Apple!) - this story will be full of people commending the arrest of this guy for nothing other than writing software...
...one and the same? Though I suppose it takes a little longer for the brain cells to die during tech support...
Kjella
Live today, because you never know what tomorrow brings
Hmmm, commit an act of Cyber Terrorism like release a worm into the wild, and just because you do not live in the middle-east, you are automatically not a terrorist?
Wrong! You're not a terrorist because releasing a worm isn't terrorism.
Until the public starts to be actually terrified by computer worms, it's not terrorism. I thought that was obvious...
In the USA we have our own terrorists, perhaps you forgot about Oklahoma City?
Yes, and that was terrorism because, like many other terrorist actions, it featured sudden explosive death. No Windows Worm yet known can cause flaming bodyparts to rain from the sky.
After posting this thread, I found a great interview with Cliff.
Some favorite excerpts:
"The hacker. The speed of light. The beauty of constraints. What is about Clifford Stoll that arouses such a need for conversation? Cliff Stoll is a lunatic in the sanest sense of the word. He doesn't so much present an argument as digest it with his mouth open. It's not pretty but somehow it works."
"The lab's computer chargeback system had blown up because it could not account for 75 cents of computer time. It took three years for Stoll to prove that a spy was using the computer as a launching pad through Internet to hack at hundreds of military, industrial, and academic computers in search of secrets for the KGB."
"My friends accused me of being co-opted by the State. But I didn't exactly feel like a tool of the ruling class, unless imperialist running dog puppets breakfasted on stale granola. My guts told me that the CIA should know and I ought to tell them."
It was that combination of scientific method and social engineering that made Stoll's approach so effective. That and his persistence and ability to use very basic tools to accomplish the near impossible, all the while accumulating enough evidence to allow a successful prosecution.
If you haven't seen this interview with Stoll, be sure to read it. It captures that quirky geekiness of his that makes Cuckoo's Egg such a great read.
Back in the day, there were many more types of machines with many different software packages performing the same functions (such as email). Infections spread more rapidly in monocultures, in both biological and computer ecosystems.