Phatbot Author Arrested In Germany

Tacito writes "After arresting the author of Sasser, the German police claims having caught the author of Phatbot. To read the corresponding articles on Yahoo! News or Heise (use babelfish)." jm.one adds a link to an "awesome Google translation" of the Heise article.

Blah blah

[Leffe]

I must say that I find it very interesting that people are able to spread worms this fast nowadays. Back in the day it took weeks or months to see something, and most people had already patched the worms by then, but now it's crazy, a worm can propagate to the entire world in a day! Even faster than DNS :D Maybe something for the BIND [isc.org] developers to consider?

Freaky...

[robslimo]

I just heard this news on NPR and thought I'd submit it to /. but I was scooped. NPR said that he was a "student" and lived with his parents. They said he admitted to being the Sasser worm author but failed to mention the Phatbot connection.

Here's [reuters.com] an English language report that mentions a Microsoft connection.

Phatbot capabilities

[FooBarWidget]

Phatbot is insanely well-written. A while ago I read a web page about what Phatbot can do:
- Exploits all kinds of vulnerabilities.
- Sniffs network traffic for usernames and password.
- Steal IRC operator passwords.
- Can kill many other viruses and anti-virus software.
- Can steal CD keys for popular games.
- Can steal AOL passwords.
- Can harvest emails for spam purposes.
- And more.
Whomever made Phatbot sure spent *a lot* of work into it.

More details at: http://www.lurhq.com/phatbot.html [lurhq.com]
Also contains instructions to manually remove it from an infected system.

Re:Got Evil?

[ckuijjer]

I always thought Ebola didn't spread really good because of it killing the host too quick. Maybe an analogy holds for computer viruses.

Re:Manual Translation of Yahoo Article

[flyingdisc]

I had a similar interpretation of the article.

What I don't understand however is how
"There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen."

is consistent with
"initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".

any ideas? or am I missing something.

Re:Got Evil?

[ites]

There is an analysis of this by HeironymousCoward [slashdot.org]. Basically a 'hot' virus like Ebola destroys its hosts too quickly for it to spread. So viruses tend to become 'cooler' over time. The loophole for computer viruses is that a wide-spread cool virus can become a vector for a new hot virus. So while one single virus is unlikely to do significant damage, a series of viruses could do very great damage. And you probably will not laugh when it happens.

Double Standard?

[Dieppe]

Isn't it ironic, don't ya think, that on one hand everyone is "Free Mitnick!" yet on the other hand everyone is "Tar and feather these German virus writers!"

Don't get me wrong, I'm in the "Free Mitnick" crowd and firmly in the "string up virus writers and spammers by the gonads" camp... but why is this?

Perhaps because Kevin was just another one of "us" who learned and didn't really seem to have done harm, yet those of us who have had to deal personally with the hassle of servers being taken down by a virus/worm or of personally cleaning our machines or worse --- losing data or time that could be better spent getting girlfriends or boyfriends?

Bah. So hang the bastards, hang 'em high, is what I say.

Re:Cuckoo's Egg

[joel_archer]

It was that combination of scientific method and social engineering that made Stoll's aproach so effective. That and his persistance and ability to use very basic tools to accomplish the near impossible, all the while accumulating enough evidence to allow a successful prosecution.

If you haven't seen this interview [jkador.com] with Stoll, be sure to read it. It captures that quirky geekiness of his that makes Cuckoo's Egg such a great read.

Re:Blah blah

[_w00d_]

This should not be surprising. Back in the day, there were far fewer machines on the net, and therefore fewer opportunities for something to spread, particularly if it was attacking random IP's, most of which would have been unused. Now it's a different story. Pick a number, and there's a good chance you've got some kind of host there. A nice soft and juicy vulnerable host almost everywhere you stab. That was not the case back in the day.

Not only that but the people on the net back in the day were more technically savvy than the average Internet user today. Everyone and their brother has net access now including ignorant people who run anything people send them.

Re:So what is illegal about it?

[Anonymous Coward]

Ah the age old technique of creating an inappropriate analogy to try and prove a point.

If someone built a bomb and and knowingly let a friend take it then he would be an accomplice. If someone broke into his garage and stole it then he cannot be charged now can he. Same for the academics, if someone writes a virus and another person steals it (using whatever method you like)and releases it into the wild then the writer is not responsible for it infecting computers and causing damage.

and yes, suprsisingly some peopel DO write this for academic interest, proof of concept programs, just seeing if you can do it etc etc.

Just because you don't want to give something a try doens't mean no one else will, there ARE 6 billion different minds on this planet.