Men questioned in UK and USA regarding internet Trojan horse

February 06, 2003 Sophos Press Release

Officers of the National Hi-Tech Crime Unit (NHTCU) are interviewing two UK men, a 19-year-old electrician from Darlington and an unemployed 21-year-old from Durham, in connection with a Trojan horse troubling internet users.

The interviews follow searches of two properties in County Durham. Evidence is said to have been retrieved related to computer and drugs offences.

Meanwhile, the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team) based in Southern California conducted a simultaneous search of an address in Champaign, Illinois, USA. A 17-year-old youth living at the address is being questioned by authorities.

The CATCH team consists of representatives from the Riverside County Sheriff's Department, Riverside County District Attorney's Office, United States Secret Service, Department of Justice, and the FBI among others.

According to the NHTCU the two UK-based men may be members of an international hacking group called the "Thr34t Krew". According to a press release issued by the NHTCU the hacking gang created a Trojan horse, called Troj/TKBot-A or "TK Worm", which infected a number of computers in the UK and caused an estimated £5.5 million worth of damage.

Sophos researchers believe that Trojan exploits a vulnerability that is found on some Microsoft IIS web servers. Microsoft has released a patch that reportedly eliminates the vulnerability. It is available from Microsoft's website at http://www.microsoft.com/technet/security/bulletin/MS00-078.asp.

Just last month British virus writer Simon Vallor was sentenced to two years in prison for writing three viruses reported to have infected 27,000 computers in 42 countries.

"Computer crime authorities around the world are getting better at working together and more sophisticated in tackling those determined to disrupt legitimate computer use," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "This is not the first time police have co-operated across the Atlantic to investigate alleged hackers and virus writers, and it won't be the last."

"Hacking and virus writing are serious crimes. They are costing UK firms millions of pounds in lost business and downtime. Our task is to track down those people who seek to hamper companies by reducing their ability to do business," said Detective Superintendent Mick Deats, Deputy Head of the NHTCU.