Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
news that authorities in the UK and Finland have arrested three men
in connection with computer worm attacks.
The British Metropolitan Police's Computer Crime Unit, the
Finnish National Bureau of Investigation and the Finnish Pori
Police Department have arrested a 63-year-old man in Ipswich, a
28-year-old man in the Grampian region of Scotland, and a
19-year-old man in Helsinki, Finland. The men, who are all
suspected of being members of the m00p virus-writing gang, have
been arrested in connection with a conspiracy to infect computers
with malware.
Police are now examining computer equipment seized at the
residential addresses raided for evidence.
"The police in the UK and Finland should be congratulated for
investigating this computer crime ring and breaking up the gang
before it can do any more harm to innocent web surfers and
businesses," said Graham Cluley, senior
technology consultant for Sophos. "It's great to see one less virus
writing gang, but the sad fact is, however, that this is probably
just the tip of the iceberg. More and more criminals around the
globe are being tempted by the anonymity the internet offers to
commit their crimes online. A strong message needs to be sent out
that those who engage in malicious computer attacks will receive
severe punishment."
The m00p group are believed to have written malware in order to
create a zombie network (or botnet) of compromised computers under
their control. Analysis by Sophos experts has confirmed that there
are many pieces of malware which include references to the m00p
gang including the W32/Dogbot spyware worm,
Troj/Hackarmy-C,
Troj/Santabot-A,
Troj/Shuckbot-A,
W32/Rbot-BF, and
W32/Tibick-A.
References to m00p are also contained inside the Stinx Trojan horse, which
was spammed out widely attached to emails with the subject line
"Photo Approval Needed".
The Stinx Trojan horse contained a reference to
the m00p gang inside its code.
"Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information and commit identity theft,"
continued Cluley. "Every computer owner needs to take steps to
reduce the chances of their computer being turned into a zombie
under the control of hackers."
The men arrested in Suffolk and Scotland are not the first to
have been arrested in the United Kingdom in connection with virus
writing. In 2003 Welsh virus writer Simon Vallor was
sentenced to two years in jail for malware he had created, and in
1995 Christopher Pile (also known as "The Black Baron") was jailed
for 18 months for writing and distributing the SMEG viruses.
It is believed that the 28-year-old Scottish man arrested was
already known to the police, and has been on bail since January
charged with offences related to distributed denial-of-service
(DDoS) attacks.
The Stinx Trojan horse hit the headlines in late 2005, when
Sophos experts revealed that
it was designed to exploit the controversial Sony DRM (Digital
Rights Management) copy protection included on some of the music
giant's CDs.
Why is the group called m00p?
There is some debate as to how the gang chose the name "m00p",
according to experts at Sophos.
Some believe that the virus writing gang chose the name of their
group after an episode of the South Park cartoon series where the
characters formed a band called 'Moop'. The episode involved some
none-too-subtle arguments about how filesharing affects the music
industry.
Another theory which has been suggested is that the name is a
reference to an episode of the Seinfeld comedy show where the
'Moops' are mentioned during a game of Trivial Pursuit against the
Bubble Boy. Ironically, the character of the Bubble Boy was the
inspiration for another
virus in 1999.
However, a member of the m00p group has claimed that the name
pre-dates these TV shows, and originates from an expression he used
as a child.
Sophos continues to recommend that companies protect all tiers
of their organization - their desktops, servers and email gateways
- with automatically updated anti-virus
software to reduce the risk of infection.