Phatbot Author Arrested In Germany
Tacito writes "After arresting the author of Sasser, the German police claim to have caught the author of Phatbot. Read the corresponding articles on Yahoo! News or Heise (use Babelfish)."
jm.one adds a link to an "awesome Google translation" of the Heise article.
he is also responsible for netsky (Score:2, Informative)
this is subject to a press conference to be held tomorrow.
well that's somehow impressive, which should not mean admirable
Re:Germany is Busy! (Score:5, Informative)
Phatbot is not a derivative of Sasser (Score:5, Informative)
Who told you that? I've analyzed both, and there is no relation between them at all in terms of code. The source code to Phatbot is public, and the compiled binary is around 250-300K as opposed to Sasser's 15K. Maybe you're thinking about Phatbot being a derivative of Agobot.
My writeups of both can be found here:
http://www.lurhq.com/phatbot.html
http://www.lurhq.com/sasser.html
Re:Freaky... (Score:5, Informative)
US Authorities apparently provided the tip-offs in catching both authors.
tipped by Microsoft Reward program? (Score:3, Informative)
Manual Translation of Yahoo Article (Score:5, Informative)
Stuttgart (AP) - The presumed programmer of the computer worm "Phatbot" was apprehended this weekend: as the state criminal police agency in Stuttgart and the responsible public prosecutor's office communicated on Saturday, an unemployed 21-year-old was arrested near Lörrach. He admitted to having programmed, with other hackers, the Trojan "Agobot", which was later renamed to "Phatbot". There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen.
The authorities searched for evidence on Friday, through the apartment of the suspect, as well as five possible accomplices in Baden-Wuerttemberg, Niedersachsen, Hamburg and Bavaria. Numerous documents as well as computers and storage media were confiscated, and would have to be examined further. References from US Authorities helped provide evidence for the arrest of the suspect.
The 21-year-old had already aimed attacks at US and British companies in 2003. The companies concerned were offline for several days and suffered damages in the millions. Also in Germany it was indicated that the suspect penetrated company computers. Aside from just the criminal consequences, substantial compensation demands may be made.
The trojan mentioned is transferred to unsuspecting computers in order to take control of them. The initial evidence of the authorities of Baden-Württemberg points to the 21-year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".
Re:he is also responsible for netsky (Score:3, Informative)
Re:Phatbot capabilities (Score:3, Informative)
Note that Phatbot, as described on the page above, is mostly a failed experiment. That version uses WASTE to create the botnet, which is far less scalable than IRC. WASTE simply wasn't designed for the large number of clients typically in a single botnet.
Apart from that, Agobot/Phatbot/Gaobot (or what's it called today) is fairly nasty. Some early reports from March quote numbers which suggest that between one and two million hosts have been compromised, and the bot is still very active.
Re:English link (Score:3, Informative)
Here's [sfgate.com] the link...
Re:Manual Translation of Yahoo Article (Score:4, Informative)
One correction, though: The German article said that "Sasser" was used to spread "Phatbot", not to develop it.
Cuckoo's Egg (Score:2, Informative)
What is so ironic is that at the time the FBI did not even consider hacking a crime because Berkeley couldn't show a sufficient monetary loss. This is despite the fact that the hacker was after military research. How times have changed! In any event, with his ability to use his scientific training as an astronomer, his basic knowledge of computers and programming mixed with a quantum of social engineering and a massive honey pot, Stoll was able to trace this hacker back to a KGB agent in Germany.
If I recall correctly, instead of being arrested, this hacker was found dead in his burnt-out car in the middle of a forest somewhere in East or West Germany. It's a great read.
Interview With Clifford Stoll (Score:4, Informative)
Some favorite excerpts:
"The hacker. The speed of light. The beauty of constraints. What is it about Clifford Stoll that arouses such a need for conversation? Cliff Stoll is a lunatic in the sanest sense of the word. He doesn't so much present an argument as digest it with his mouth open. It's not pretty but somehow it works."
"The lab's computer chargeback system had blown up because it could not account for 75 cents of computer time. It took three years for Stoll to prove that a spy was using the computer as a launching pad through Internet to hack at hundreds of military, industrial, and academic computers in search of secrets for the KGB."
"My friends accused me of being co-opted by the State. But I didn't exactly feel like a tool of the ruling class, unless imperialist running dog puppets breakfasted on stale granola. My guts told me that the CIA should know and I ought to tell them."
Re:Cuckoo's Egg (Score:3, Informative)
I'd just note a couple things (I re-read the book a couple weeks ago):
It took Stoll the better part of a year to catch the hacker in his book. It was really quite an amazing find, too, considering the number of dead-ends and various connection hops that the hacker took to get to Stoll's Berkeley machine.
The actual hacker was not the one that was found dead, it was his accomplice, who was heavily into drugs and more bent on the 'illegal' side of things. The hacker did his (relatively short, by today's standards) prison term, got out, and started a computer business, IIRC.
It's interesting to note that, considering what the hacker did, he would be considered a terrorist by today's standards and swiftly brought to the US for a trial - if he gets that much. He was deep within military networks with material that is essentially classified now due to changing classifications. I'd argue that back then it was industrial/military espionage, but it doesn't seem to have been considered as such in the trial.
Re:So what is illegal about it? (Score:1, Informative)
Germany doesn't have a constitutional right to free speech in the same way as the US. There are some laws that address the subject, but they don't go nearly as far as their American equivalents.
A good example of this is that, in Germany, denying the Holocaust is a criminal offence.
Re:So what is illegal about it? (Score:3, Informative)
Re:Manual Translation of Yahoo Article (Score:1, Informative)
References from US Authorities helped provide evidence for the arrest of the suspect.
References from US Authorities helped find the suspect.
The 21 year-old had already aimed attacks at US and British companies in 2003.
This sounds to me like it is already proven, but in German it is more like the prosecutor believes it was so. Otherwise he would have been charged in 2003.
The last paragraph is more like a general explanation about trojans.
So:
A trojan is transferred to unsuspecting computers in order to take control of them.
would be better, I believe.
mfg
X3K6A2
me@x3k6a2.net