The Worm tard who got busted

[Andre Ludwig <ALudwig () Calfingroup com>]

You guys are amazing sometimes, it looks like a few of you have in fact done
some googling and some detective work.  Others are simply content on sitting
on the sidelines and spewing only moderately informative opinions around
like they are going out of style.

If the topic of what this kid did and how stupid he was interests you go
ahead and do some more detective work. The kid left one helluva trail on the
net with SEVERAL postings on trojanforge.net (which has been offline since
Friday). What was he posting about?  Normal script kiddie things like  y0
d00dz ch3ck 0utz my l33t st4sh 0f spl01tz 4nd tr0j4nZ.  Not to mention
asking about several small footprint irc based RAT's.   So 1+1=2, and in my
book the kid is simply an amateur crook who should get the book thrown at
him.  He would gain some respect from me if he had more skill, but im not a
bleeding heart, you do the crime u do the time.   Granted i am not one to
judge but if i was in the jury there wouldn't be much of a doubt in my mind
as to who was behind things.  

Wow he even looks to have defaced a site or two.. (look at the title of the
window that loads)
http://216.239.37.104/search?q=cache:t12Nd707VCkJ:www.satanosphere.com/+teek
id&hl=en&ie=UTF-8

Teekids Thoughts on VB6 vs .NET
http://216.239.53.104/search?q=cache:oY-N3GP1w4cJ:www.trojanforge.net/showth
read.php%3Fthreadid%3D1715++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8

Teekid Hiting the wrong button (new thread instead of reply)
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8

Teekid Asking for a small footprint IRC boot with UDP features.
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
n&ie=UTF-8

Teekid Pimping his m4d l33t w4r3z.. (his trojan archive)
http://216.239.53.104/search?q=cache:RFRMkPANScMJ:www.trojanforge.net/showth
read/t-36.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid shopping for a RAT
http://216.239.53.104/search?q=cache:oSgqX5TAsQMJ:www.trojanforge.net/showth
read/t-6016.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid pimping his IRCBOTS site.
http://216.239.53.104/search?q=cache:SUybKHSk8ncJ:www.trojanforge.net/showth
read/t-2693.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid coming to the aid of a fellow RAT developer (what a nice guy)
http://216.239.37.104/search?q=cache:39FRhHqYu7cJ:www.trojanforge.net/showth
read/t-5143.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

All this was taken from only one site, if u want u can even find his
flipping CS scores on several servers.  He wasn't to bad of a shot with a
M4.

And for fun
http://asmallvictory.net/archives/jabbahack.jpg

Are all virus coders so stunning and athletic looking?
http://us.news1.yimg.com/us.yimg.com/p/rids/20030829/i/1062184970.2617294885
.jpg

Wow ever since the rash of articles about our favorite coder of the week it
is allot harder to find some of the stuff that i found on fri and sat. Sorry
for the rant of sorts just sort of irked me that after reading 100 or so
emails about the kid no one even bothered to bring up any sort of evidence
that could have been gleamed ( thank god for goggle cache). I would have
posted more threads by the perp but the site is down, and while im sure with
some more time and searching i could dig up irc chat logs, and other such
info i unfortunately have a job to do (even though i hate it). 

Andre Ludwig, CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html