Suspect arrested in Phatbot, Agobot malware case

IDG News Service - A 21-year-old German man was arrested and has admitted to creating the ubiquitous and dangerous Trojan horse programs Agobot and Phatbot, but he isn't connected to the alleged author of the Sasser Internet worm, who is also from Germany and was arrested last week (see story), a police spokesman said.
German police arrested the man on Friday in the southern German town of Waldshut and charged him under the country's computer sabotage law for attacks on computers in Germany, the U.K. and the U.S. linked to Agobot and Phatbot. Five other men were also charged in connection with the so-called Trojan horse programs, but there is no link to the arrest of an 18-year-old in connection with Sasser, said Horst Haug, a spokesman for the State Bureau of Investigation in Baden-Wuerttemberg.
Authorities arrested the Phatbot author, a "self-taught" hacker, following tips in recent weeks from the FBI, Haug said. Police searched the suspect's home and seized computer hardware, software and documents.
Agobot is a Trojan horse program that surreptitiously runs on computers running Microsoft Corp.'s Windows operating systems, providing malicious hackers with secret access to the compromised system. Since first appearing in October 2002, hundreds of versions of Agobot have been detected, including variants called Gaobot, Phatbot and Polybot.
The computer code for Agobot circulates widely on the Internet, and may have been modified by countless individuals with access to it, said Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Helsinki, Finland.
Despite that, German authorities believe they have the original author of the Trojan horse, Haug said. "He confessed to being the original author. He said he created both Agobot and Phatbot," he said.
Two other Waldshut men were also arrested in connection with the Agobot Trojan. Arrests were also made in Bavaria, Lower Saxony and Hamburg in the case. The men are believed to work together to make Trojan horse programs and "other viruses," Haug said.

On that same day, police in Lower Saxony, in northern Germany, arrested an 18 -year-old and charged him with creating the Sasser worm, which appeared on May 1. That man is also being investigated on suspicion of creating the Netsky worm (see story) but doesn't appear to be connected to the Agobot group, Haug said.
The Sasser arrest followed a tip to Microsoft Deutschland GmbH from individuals who asked about the possibility of receiving a reward in exchange for information about the creator of the Sasser worm, said Brad Smith, senior vice president and general counsel at Microsoft, in a

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.