U.K., Finnish Police Crack Malware Gang, Arrest 3

The United Kingdom’s Metropolitan Police Computer Crime Unit and Finland’s National Bureau of Investigation have broken up a gang of malware writers, arresting three men.

The arrested include a 63-year-old man from Suffolk, a 28-year-old Scottish man and a 19-year-old in Finland.

The three were suspected of being members of the “M00P” virus-writing group, although according to senior technology consultant Graham Cluley of IT security firm Sophos, “it is not clear if they had written it by themselves.”

The malware was designed to gain a backdoor entry into PCs, turning them into a zombie network of computers (or botnet) that they could remotely control, said Cluley.

“Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information and commit identity theft,” continued Cluley.

A Sophos analysis confirmed that there are many pieces of malware that make references to the M00P gang, including the W32/Dogbot spyware worm, Troj/Hackarmy-C, Troj/Santabot-A, Troj/Shuckbot-A, W32/Rbot-BF, and W32/Tibick-A.

Recently, media reports linked the group with versions of the Stinx Trojan Horse, which was sent in an e-mail claiming to contain evidence that Tony Blair and George Bush were conspiring to raise oil prices. Cluley also added that versions of the same malware were spammed out to most British companies asking for a photo attachment.

“The police in the U.K. and Finland should be congratulated for investigating this computer crime ring and breaking up the gang before it can do any more harm to innocent Web surfers and businesses,” said Cluley.

“What is interesting is that there haven’t been many arrests in the past, and M00P is a criminally organized and financially motivated gang,” he added.

-Radhika Praveen, Techworld.com (London)

Keep checking in at our CSO Security Feed page for updated news coverage.