The Trojan horse allowed the hacker to spy upon infected users.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed news that a man has pleaded guilty to writing and distributing a Trojan horse designed to steal usernames and passwords from computer users.
Richard C Honour, 31, faces a maximum penalty of five years in prison and a fine of $250,000 after admitting releasing malware that infected users of DarkMyst, an IRC chatroom popular with players of online role-playing games.
Honour, also known as Fyle/Anatoly, sent messages to other IRC users claiming to contain links to online movies. However, users who clicked on the links were infected with a Trojan horse instead. Honour used the Trojan horse to open a backdoor on infected PCs, spy on his victims, steal banking details and commit identity theft.
Following complaints from internet users the FBI investigated the case, and Honour was arrested at his home in Kenmore, Washington. Agents found evidence on Honour's computer indicating that he had written the malicious code, and stolen information from victims' computers.
"Criminals like Richard Honour lure the unwary by disguising their Trojan horses as seemingly harmless links to movie files," said Graham Cluley, senior technology consultant for Sophos. "The rise of the Trojan has been one of the key developments in cybercrime in recent years, as hackers increasingly use them to steal information and money from unsuspecting internet users. Everyone should be on their guard against this type of attack - and the authorities should be congratulated for bringing complicated cases such as this to a successful resolution."
Sentencing is scheduled for 4 May, 2007, in St Louis, Missouri.
In January, Sophos published its Security Threat Report 2007, which revealed the rise in use by hackers of Trojan horses. The report can be downloaded from the Sophos website:
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against viruses, spyware and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.