Euro Cops Catch Suspected Botnet OperatorsBy Matt Hines | Posted 06-27-2006
European law enforcement officials arrested three men believed to be behind the creation and distribution of multiple strands of malware code.
The three men are also suspected of having operated a so-called botnet network built from the PCs that their viruses infected over the Internet.
The British Metropolitan Police's Computer Crime Unit, along with the Finnish National Bureau of Investigation and Finnish Pori Police Department reported that they arrested a 63-year-old man in Suffolk, England along with a 28-year-old man in Scotland and a 19-year-old man in Finland on June 27.
The three men are being charged by local officials for operating a conspiracy to infect computers with malware, and are believed to be at least part of the virus-writing team identified publicly by the name M00P.
"This highly organized group are suspected of writing new computer viruses in order to avoid detection by anti-virus products," the British Metro Police said in a statement.
"They have been primarily targeting UK businesses since at least 2005, and during this time thousands of computers are known to have been infected across the globe."
The group won its name with malware researchers and law enforcement officials based on its practice of leaving the word M00P somewhere in the lines of software code used to deliver its attacks.
Researchers said the name has shown up in multiple attacks, many of which were sophisticated and sought to take over the PCs of unsuspecting people who came in contact with the viruses.
According to anti-malware applications specialists Sophos, based in Abingdon, UK, the M00P gang are believed to have written viruses including the W32/Dogbot spyware worm, Troj/Hackarmy-C, Troj/Santabot-A, Troj/Shuckbot-A, W32/Rbot-BF and W32/Tibick-A.
References to M00P are also contained inside the Stinx Trojan horse, company officials said, which was mass-e-mailed to users in 2005 offering the subject line "Photo Approval Needed," and which sought to take advantage of root kit software formerly distributed by Sony on its music CDs.
The M00P team is considered unique in that most malware writers involved in such organized crimes go to great lengths to disguise their identities, while the arrested men appeared to seek some form of notoriety by including their name in their attacks.
Unlike so-called script kiddieswriters of the Web's earliest attacks who appeared more interested in gaining popularity than making moneymost criminals seeking to cash in on their viruses tend to keep as a low a profile as possible, said Ron O'Brien, senior security analyst for Sophos.
"Any time that you can find a fingerprint in the code, that's the smoking gun, and we had that in this case," said O'Brien.
Read the full story on eWEEK.com: Euro Cops Catch Suspected Botnet Operators