Men questioned in UK and USA regarding internet Trojan horse

Sophos Press Release

Officers of the National Hi-Tech Crime Unit (NHTCU) are interviewing two UK men, a 19-year-old electrician from Darlington and an unemployed 21-year-old from Durham, in connection with a Trojan horse troubling internet users.

The interviews follow searches of two properties in County Durham. Evidence related to computer and drugs offences is said to have been retrieved.

Meanwhile, the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team) based in Southern California conducted a simultaneous search of an address in Champaign, Illinois, USA. A 17-year-old youth living at the address is being questioned by authorities.

The CATCH team consists of representatives from the Riverside County Sheriff's Department, Riverside County District Attorney's Office, United States Secret Service, Department of Justice, and the FBI, among others.

According to the NHTCU, the two UK-based men may be members of an international hacking group called the "Thr34t Krew". According to a press release issued by the NHTCU, the hacking gang created a Trojan horse, called Troj/TKBot-A or "TK Worm", which infected a number of computers in the UK and caused an estimated £5.5 million worth of damage.

Sophos researchers believe that the Trojan exploits a vulnerability found on some Microsoft IIS web servers. Microsoft has released a patch that reportedly eliminates the vulnerability. It is available from Microsoft's website at

Just last month, British virus writer Simon Vallor was sentenced to two years in prison for writing three viruses reported to have infected 27,000 computers in 42 countries.

"Computer crime authorities around the world are getting better at working together and more sophisticated in tackling those determined to disrupt legitimate computer use," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "This is not the first time police have co-operated across the Atlantic to investigate alleged hackers and virus writers, and it won't be the last."

"Hacking and virus writing are serious crimes. They are costing UK firms millions of pounds in lost business and downtime. Our task is to track down those people who seek to hamper companies by reducing their ability to do business," said Detective Superintendent Mick Deats, Deputy Head of the NHTCU.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at