Phatbot Author Arrested In Germany
Tacito writes "After arresting the author of Sasser, the German police claims to have caught the author of Phatbot. Read the corresponding articles on Yahoo! News or Heise (use babelfish)."
jm.one adds a link to an "awesome Google translation" of the Heise article.
Germany is Busy! (Score:4, Insightful)
Re:Germany is Busy! (Score:5, Informative)
Phatbot is not a derivative of Sasser (Score:5, Informative)
Who told you that? I've analyzed both, and there is no relation between them at all in terms of code. The source code to Phatbot is public, and the compiled binary is around 250-300K as opposed to Sasser's 15K. Maybe you're thinking about Phatbot being a derivative of Agobot.
My writeups of both can be found here:
http://www.lurhq.com/phatbot.html [lurhq.com]
http://www.lurhq.com/sasser.html [lurhq.com]
YOU ARE WANTED BY GERMAN POLICE! (Score:1)
So what is illegal about it? (Score:4, Insightful)
From reading your description, it doesn't seem like Phatbot is a worm at all, but rather a trojan horse / remote administration tool. If all the guy did was write a trojan horse, and there is no evidence that he himself has been using it on other people's machines, then he should not be under arrest. Source code is speech, right?
Bets are that on The New Slashdot (tm) - you know, the one where stories about DMCA attacks are full of attacks against the coders rather than the company (Apple!) - this story will be full of people commending the arrest of this guy for nothing other than writing software...
Re:So what is illegal about it? (Score:3, Insightful)
On the other hand, I'm having a hard time imagining what benign uses this thing could be put to. With DVD/e-book decrypters/rippers you can claim fair use, with port scanners you can claim that you're testing security of your own network, but with a worm? It's designed solely to infiltrate a host and spread - I can't think of any benign uses, let alone significant ones...
If you knowingly c
Re:So what is illegal about it? (Score:2)
Businesses build bombs all the time, but they don't generally let the public drive pick up trucks to the establishment.
In any event, creating safeguards is a good CYA move, in the event something makes its way out.
Re:So what is illegal about it? (Score:2)
If you'd ever know how many virus and worm related projects are written but not released "in the wild", you'd maybe talk a different way. Self-replicating code is one of the more interesting areas of network-related programming. I remember writing code to defeat heuristics in virus scanners about a decade ago; it was a success (the essence was hoo
Re:So what is illegal about it? (Score:3, Informative)
Re:So what is illegal about it? (Score:2)
Re:Germany is Busy! (Score:1)
(- AFAIK Phatbot uses Sasser backdoors as one of many spreading options and is not a real derivative)
- according to German police the phatbot author was one of four people they were investigating because of hints they got from "US authorities"
- the Sasser author was caught because of a phone call from (someone close to the author) to Microsoft:
the caller was claiming to know the Sasser-author and offered some code snippets as "proof";
then
Hah (Score:5, Funny)
When asked about the arrest (Score:5, Funny)
Re:When asked about the arrest (Score:2, Troll)
Re:When asked about the arrest (Score:1)
"put that freakin sandwich down!"
Blah blah (Score:5, Interesting)
Re:Blah blah (Score:1)
Re:Blah blah (Score:4, Insightful)
This should not be surprising. Back in the day, there were far fewer machines on the net, and therefore fewer opportunities for something to spread, particularly if it was attacking random IP's, most of which would have been unused. Now it's a different story. Pick a number, and there's a good chance you've got some kind of host there. A nice soft and juicy vulnerable host almost everywhere you stab. That was not the case back in the day.
Re:Blah blah (Score:2, Interesting)
This should not be surprising. Back in the day, there were far fewer machines on the net, and therefore fewer opportunities for something to spread, particularly if it was attacking random IP's, most of which would have been unused. Now it's a different story. Pick a number, and there's a good chance you've got some kind of host there. A nice soft and juicy vulnerable host almost everywhere you stab. That was not the case back in the day.
Not only that but the people on the net back in the day were more
Don't forget diversity (Score:4, Insightful)
Back in the day, there were many more types of machines with many different software packages performing the same functions (such as email). Infections spread more rapidly in monocultures, in both biological and computer ecosystems.
Re:Blah blah (Score:3, Insightful)
Umm... no. It's a lot easier to propagate if you need no hierarchy. Imagine trying to tell the whole Internet about a DNS change with no plan. How many DNS updates do you think your box would get? And the overhead in the PKI system you would need to have to ensure they're real?
Kjella
Re:Blah blah (Score:3, Insightful)
Disconnect from the network now, before it's too late.
Er, did this really need a new news item? (Score:1)
Freaky... (Score:5, Interesting)
Here's [reuters.com] an English language report that mentions a Microsoft connection.
Re:Freaky... (Score:5, Informative)
US Authorities apparently provided the tip-offs in catching both authors.
Re:Freaky... (Score:1, Funny)
I bet the profilers never expected THAT kind of character would release a virus.
On a different note: is anyone interested in joining the Angry Loner's Rifle Association? Our motto: "Be a quiet man, and keep to yourself".
he is also responsible for netsky (Score:2, Informative)
this is subject to a press conference to be held tomorrow.
well that's somehow impressive, which should not mean admirable
Re:he is also responsible for netsky (Score:3, Informative)
Okay Now (Score:1)
Re:Okay Now (Score:3, Funny)
Re:Okay Now (Score:2)
Put the... (Score:4, Funny)
Re:Put the... (Score:3, Funny)
^_^
Re:Put the... (Score:1)
Re:Put the... (Score:1)
Your vocabulary is out of date...
Re:Put the... (Score:1)
Re:Put the... (Score:2)
Got Evil? (Score:3, Insightful)
I'm still waiting for the day that one of these things wipes out the infected host after X hours/days. Ebola spreads fast and kills the host, why not a virus/worm?
I'll laugh when it happens.
Re:Got Evil? (Score:1)
Re:Got Evil? (Score:2, Insightful)
I never said it couldn't happen to me (in fact I'm writing this on my Win2K game box). Any system has holes but once wide spread carnage hits the Windows world only then will Ma & Pa Kettle give a serious look at other more robust systems with less holes. I don't support Windows for family & friends and rarely have to touch it at work so I really don't care. I think it's tantamount to having to smack a dog on the nose with a rolled up newspaper to train it not to keep shitting on the carpet.
Yes (Score:2)
I want these people to suffer something a little more than some network outages. Until there's some actual data/hardware damage, they're gonna go right on not giving a damn. They'll run their
Re:Yes (Score:2)
Re:Got Evil? (Score:2, Interesting)
Re:Got Evil? (Score:2)
Re:Got Evil? (Score:2)
Agreed, however... Just a matter of time before someone sticks a destructive payload on a more common exploit.
Re:Got Evil? (Score:3, Interesting)
Rushkoff (Score:2)
Think about the human host and how Ebola spreads itself around through the cardiovascular system. However, in the computer world, when you think about how the cardiovascular system more resembles the central nervous system in terms of speed, wouldn't the entire world be considered one host?
Re:Got Evil? (Score:2)
Re:Got Evil? (Score:2)
Actually there was one like this recently, that attacked some Windows personal firewall (the name escapes me). It would try to spread itself for a short while (some hours), and then killed the host.
Ebola spreads fast and kills the host, why not a virus/worm?
Ebola also burns itself out pretty fast. Too fast and you limit how well it can spread. Probably you'd want to maximize the total number of machin
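The two threads of argument above (host density deciding how fast a random-scanning worm spreads, and a self-destruct payload that kills the host and so burns the outbreak out) can both be checked with a small mean-field model. The following is an added example written for this page, not code from any poster or from Phatbot/Sasser. It assumes uniform random target selection over a fixed address range, ignores duplicate probes landing on the same host within a tick, and assumes nobody patches; the address-space size, host counts and scan rates are constructed parameters, not measurements.

```python
"""Mean-field model of a random-scanning worm: how host density and a
self-destruct timer change how far and how fast it spreads.

Added example for illustration; parameters are constructed, not measured."""


def simulate_worm(address_space, vulnerable, scans_per_tick, ticks, kill_after=None):
    """Expected-value (deterministic) simulation of a worm that probes
    uniformly random addresses.

    address_space  - size of the address range targets are drawn from
    vulnerable     - number of addresses holding a still-vulnerable host
    scans_per_tick - probes each active (infected and alive) host sends per tick
    ticks          - how many ticks to run
    kill_after     - if set, a host wipes itself after scanning for this many
                     ticks (the 'Ebola' payload); None means it never dies

    Returns a list of (tick, cumulative_infected, active_hosts).
    """
    cohorts = [1.0]          # cohorts[i] = hosts infected during tick i; tick 0 is the seed
    cumulative = 1.0
    history = []
    for t in range(1, ticks + 1):
        # a host infected at tick i scans during ticks i+1 .. i+kill_after, then dies
        live = cohorts if kill_after is None else cohorts[max(0, len(cohorts) - kill_after):]
        active = sum(live)
        susceptible = vulnerable - cumulative
        # a uniform probe lands on an uninfected vulnerable host with probability
        # susceptible/address_space; sum that over every probe sent this tick
        expected_hits = active * scans_per_tick * susceptible / address_space
        # cannot infect more than remain; clamp at 0 to absorb float rounding at saturation
        new = max(0.0, min(susceptible, expected_hits))
        cohorts.append(new)
        cumulative += new
        history.append((t, cumulative, active))
    return history


def total_infected(history):
    """Cumulative infections at the end of the run."""
    return history[-1][1]


def ticks_to_reach(history, fraction, vulnerable):
    """First tick at which cumulative infections reach fraction*vulnerable, or None."""
    target = fraction * vulnerable
    for tick, cumulative, _ in history:
        if cumulative >= target:
            return tick
    return None


if __name__ == "__main__":
    ADDRESS_SPACE, SCANS, TICKS = 1_000_000, 10, 200   # constructed parameters
    scenarios = (
        ("sparse net (0.1% vulnerable)", 1_000, None),
        ("dense net (10% vulnerable)", 100_000, None),
        ("dense net, host dies after 1 tick", 100_000, 1),
        ("dense net, host dies after 5 ticks", 100_000, 5),
    )
    for label, hosts, kill in scenarios:
        h = simulate_worm(ADDRESS_SPACE, hosts, SCANS, TICKS, kill)
        print(f"{label:36s} infected={total_infected(h):10.1f}/{hosts}"
              f"  90% reached at tick {ticks_to_reach(h, 0.9, hosts)}")
```

The per-tick growth factor is roughly 1 + scans_per_tick * vulnerable / address_space, which is why the sparse network barely moves in 200 ticks while the dense one saturates in about twenty. The kill timer is the other half of the argument: a host that scans for one tick and then destroys itself produces, on average, one successor in this setup, so the outbreak crawls along a few hosts per tick and dies with the population almost untouched; let the host live five ticks and the worm still takes nearly everything before burning out. Whether the author wants to "maximize the total number of machines" hit or the damage per machine, the timer trades one against the other.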
Re:Got Evil? (Score:2)
Phatbot capabilities (Score:5, Interesting)
- Exploits all kinds of vulnerabilities.
- Sniffs network traffic for usernames and passwords.
- Steals IRC operator passwords.
- Can kill many other viruses and anti-virus software.
- Can steal CD keys for popular games.
- Can steal AOL passwords.
- Can harvest emails for spam purposes.
- And more.
Whoever made Phatbot sure put *a lot* of work into it.
More details at: http://www.lurhq.com/phatbot.html [lurhq.com]
Also contains instructions to manually remove it from an infected system.
Re:Phatbot capabilities (Score:5, Insightful)
Re:Phatbot capabilities (Score:1)
Re:Phatbot capabilities (Score:3, Insightful)
Well written != capable. It's perfectly possible that this is just a bunch of exploits strung together, but that doesn't necessarily make it cohesive or "well written"..
My $0.02 - well written or not, it's a nasty bugger.
-Ben
Re:Phatbot capabilities (Score:3, Informative)
Note that Phatbot, as described on the page above, is mostly a failed experiment. That version uses WASTE to create the botnet, which is far less scalable than IRC. WASTE simply wasn't designed for the large number of clients typically in a single botnet.
Apart from that, Agobot/Phatbot/Gaobot (or what's it called today) is fairly nasty. Some early reports from March quote numbers which suggest that between one and two million hosts have been compromise
Re:Phatbot capabilities (Score:3, Funny)
- Answers questions sent on AIM
- Sets your minesweeper scores to 9 seconds
- Makes hot chocolate
not only does it do all that... (Score:2)
Real Justice (Score:5, Funny)
Re:Real Justice (Score:2, Insightful)
Yeah right! Convict tech support: "I think we can help you with that problem, Mr. Customer, but first we'll need your user ID, password, and a valid credit card..."
Re:Real Justice (Score:1)
Aren't they... (Score:4, Funny)
Kjella
Re:Real Justice (Score:2)
Send those twits to the US.... (Score:4, Funny)
English link (Score:3)
Re:English link (Score:1)
Re:English link (Score:2)
http://sfgate.com/cgi-bin/article.cgi?f=/news/a
Just tested this one.
Re:English link (Score:2)
Re:English link (Score:3, Informative)
Here's [sfgate.com] the link...
post in HTML (Score:2)
<P>
It's actually pretty simple, and has the added bonus of giving people a hot-link.
Assuming he is the right one (II) (Score:1)
Previous Post [slashdot.org]
tipped by Microsoft Reward program? (Score:3, Informative)
And people in Germany are always complaining (Score:5, Funny)
Umlauts not required (Score:3, Funny)
When asked for a comment, one German prosecution authority said:
Ich bein ein kickinassenviruswriter.
Re:Umlauts not required (Score:1, Funny)
Manual Translation of Yahoo Article (Score:5, Informative)
Stuttgart (AP) - The presumed programmer of the computer worm "Phatbot" was apprehended this weekend: as the state criminal police agency in Stuttgart and the responsible public prosecutor's office communicated on Saturday, an unemployed 21 year old was arrested near Lörrach. He admitted to having programmed, with other hackers, the Trojan "Agobot", which was later renamed to "Phatbot". There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen.
The authorities searched for evidence on Friday, through the apartment of the suspect, as well as five possible accomplices in Baden-Wuerttemberg, Niedersachsen, Hamburg and Bavaria. Numerous documents as well as computers and storage media were confiscated, and would have to be examined further. References from US Authorities helped provide evidence for the arrest of the suspect.
The 21 year-old had already aimed attacks at US and British companies in 2003. The companies concerned were offline for several days and suffered damages in the millions. Also in Germany it was indicated that the suspect penetrated company computers. Aside from just the criminal consequences, substantial compensation demands may be made.
The trojan mentioned is transferred to unsuspecting computers in order to take control of them. The initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".
Re:Manual Translation of Yahoo Article (Score:3, Interesting)
What I don't understand however is how
"There is currently no known direct connection between him and the "Sasser" programmer arrested in Niedersachsen."
is consistent with
"initial evidence of the authorities of Baden-Württemberg points to the 21 year-old using the "Sasser" in order to develop the much more dangerous worm "Agobot/Phatbot".
any ideas? or am I missing something.
Re:Manual Translation of Yahoo Article (Score:4, Informative)
One correction, though: The German article said that "Sasser" was used to spread "Phatbot", not to develop it.
Is there a connection between Phatbot and Sasser? (Score:4, Funny)
It seems most worms originate from other countries besides the USA. Could the worms be part of some Cyber Terrorist attack? If so, who is funding the development of these worms?
Re:Is there a connection between Phatbot and Sasse (Score:5, Insightful)
Why exactly do they need to be funded? Ever thought that they might be doing it because they get some deranged kick out of it, or so they can brag about it or simply because they're sodding mental?
Too many worms to be a coincidence (Score:3, Funny)
Hmmm, commit an act of Cyber Terrorism like release a worm into the wild, and just because you do not live in the middle-east, you are automatically not a terrorist?
In the USA we have our own terrorists, perhaps you forgot about Oklahoma City?
Terrorism knows no countries or races or religions, it is an equal opportunity employer.
Yeah just a bunch of kids having fun.
"He
Re:Too many worms to be a coincidence (Score:2)
North Korea is suspected of training hackers [smh.com.au].
Re:Too many worms to be a coincidence (Score:5, Insightful)
Hmmm, commit an act of Cyber Terrorism like release a worm into the wild, and just because you do not live in the middle-east, you are automatically not a terrorist?
Wrong! You're not a terrorist because releasing a worm isn't terrorism.
Until the public starts to be actually terrified by computer worms, it's not terrorism. I thought that was obvious...
In the USA we have our own terrorists, perhaps you forgot about Oklahoma City?
Yes, and that was terrorism because, like many other terrorist actions, it featured sudden explosive death. No Windows Worm yet known can cause flaming bodyparts to rain from the sky.
Apparently it is an ambiguous term (Score:2)
The worm had the potential to take power grids, etc offline.
The worm disrupted stock trading systems, organizations' Intranets, government systems, home users' systems, etc. Resulting in a denial of service in order to clean the worm off. Yes it did do damage, and while it did not blow anything up (thank goodness), it did instill a bit of terror into those who potentially could be infected.
While there was no apparent violence, there was damage to systems and a loss of service
Re:Apparently it is an ambiguous term (Score:2)
There's so much wrong with your post, I won't even bother to address it point-by-point. I will say that just because some bad action has the potential to cause problems for the authorities / corporations / individuals, and this kind of disorder causes you or your clueless friends to be terrified does not make it terrorism (though it may define you as hopelessly neurotic). This distinction (is it a crime or is it terrorism?) has been co-opted by the current American justice department so they can use the "st
Re:Apparently it is an ambiguous term (Score:2)
To quote "The Rock" "It does not matter what you think!"
Viruses are a form of Cyber Terrorism [anvilfire.com].
Cyber Terrorism can use Worms [businesssolutionsmag.com]
What you fail to recognize is that this is not just a US threat, it is a world threat. The worms released by Cyber Terrorists can just as easily infect systems throughout the world as they can US systems.
The more you ignore the problem, or the more you say it isn't t
Re:Apparently it is an ambiguous term (Score:2)
Does that mean that incompetent system administration is terrorism?
The key word here is intent.
Yes the key word is intent (Score:2)
Sort of like the difference between manslaughter and murder.
Re:Apparently it is an ambiguous term (Score:2)
Read the definition here.
Yes, why don't YOU go and read the definition of terrorism? Here, I'll copy it from that webpage to help you:
Re:Is there a connection between Phatbot and Sasse (Score:1, Funny)
Re:Is there a connection between Phatbot and Sasse (Score:1, Flamebait)
Re:Is there a connection between Phatbot and Sasse (Score:2, Insightful)
"your government"! haha. What country are you from?
Most of my posts are posted (Score:2)
Don't take everything I say too seriously, I am after all posting in character. That character being a Space Pirate from 4096AD who went back in the past to the late 20th and early 21st century and became a computer software developer who is now disabled and out of a job. So I know the future, and am posting based on that knowledge.
Cuckoo's Egg (Score:2, Informative)
What is so ironic is that at the time the FBI did not even consider hacking a crime because Berkeley couldn't show a sufficient monetary loss. This is despite the fact that the
Re:Cuckoo's Egg (Score:3, Informative)
I'd just note a couple things (I re-read the book a couple weeks ago):
it took Stoll the better part of a year to catch the hacker in his book. It was really quite an amazing find, too, considering the number of dead-ends and various connection hops that the hacker took to get to Stoll's Berkeley machine.
The actual hacker was not the one that was found dead, it
Re:Cuckoo's Egg (Score:3, Interesting)
If you haven't seen this interview [jkador.com] with Stoll, be sure to read it. It captures that quirky geekiness of his that makes Cuckoo's Egg such a great read.
Phatbot caught, but unfortunately... (Score:2, Funny)
...the skinnybot slipped through the net.
Interview With Clifford Stoll (Score:4, Informative)
Some favorite excerpts:
"The hacker. The speed of light. The beauty of constraints. What is about Clifford Stoll that arouses such a need for conversation? Cliff Stoll is a lunatic in the sanest sense of the word. He doesn't so much present an argument as digest it with his mouth open. It's not pretty but somehow it works."
"The lab's computer chargeback system had blown up because it could not account for 75 cents of computer time. It took three years for Stoll to prove that a spy was using the computer as a launching pad through Internet to hack at hundreds of military, industrial, and academic computers in search of secrets for the KGB."
"My friends accused me of being co-opted by the State. But I didn't exactly feel like a tool of the ruling class, unless imperialist running dog puppets breakfasted on stale granola. My guts told me that the CIA should know and I ought to tell them."
ah .... (Score:2)
What can I say - I watch a lot of Futurama.
Double Standard? (Score:2, Interesting)
Isn't it ironic, don't ya think, that on one hand everyone is "Free Mitnick!" yet on the other hand everyone is "Tar and feather these German virus writers!"
Don't get me wrong, I'm in the "Free Mitnick" crowd and firmly in the "string up virus writers and spammers by the gonads" camp... but why is this?
Perhaps because Kevin was just another one of "us" who learned and didn't really seem to have done harm, yet those of us who have had to deal personally with the hassle of servers being taken down by a vi
Re:Fucking Nazis (Score:2)
Sounds like this guy's got a job at Microsoft if he wants!