Information Security News mailing list archives
College Hacker Arrested for Writing Taiwan's First 'Trojan' Virus
From: InfoSec News <isn () C4I ORG>
Date: Sat, 6 Jan 2001 13:05:44 -0600
http://www.chinatimes.com.tw//english/esociety/90010501.htm China Times Interactive 2001.01.06 2:52am Taiwan time updated Taipei, Jan. 5 (CNA) Taiwan's Criminal Investigation Bureau (CIB) announced Friday that its computer crimes division had arrested a local college student for allegedly creating and spreading the island's first "trojan" program called BirdSPY. According to the CIB's Ninth Investigation Corps, which tackles computer crimes, the student was found to have written a "trojan client" that allows other hackers to gain remote control over compromised computers that have been infected by a BirdSPY server -- the trojan horse in the setup. Trojans communicate like typical clients and servers, with the victim unknowingly running the server and the attacker sending commands to the server via a client. Claiming to be "punishing" hackers who choose to use his program maliciously, the student, surnamed Chiu, also secretly embedded the server itself within the client, making other hackers vulnerable to his master client program when they activate BirdSPY to attack other computers. Police said that Chiu -- also known by his online alias "Birdman" -- confessed to designing the virus and embedding it in the 1,000 or more pirated program CDs he had sold for NT$1,000 (US$30) each. Chiu claimed that although he knows which computers have been infected by his trojan, he has not used these "backdoors" to attack the computers. Police demanded that Chiu "atone" for his crime by designing another program capable of detecting and removing BirdSPY. Anyone who needs the trojan scanner can contact the Ninth Investigation Corps for a copy, police added. According to the CIB, reports of computer crimes involving stolen passwords and unauthorized dial-up access have been on the rise recently. Trojans, also called Remote Administration Tools, or RATs, are all designed differently, but most share common remote access functions such as key-logging, password sending, screen shots, and upload/download links. RATs were originally created as tools to manage computer resources remotely and they are not harmful to the systems by themselves, CIB said. However, the bureau added that hackers are able to use the trojans to delete files from remote computers, acquire otherwise secure data such as passwords, and satisfy their voyeuristic whims by monitoring what a remote user is doing on his or her computer. CIB officials warned that even when a computer is armed with a virus scanner with the latest virus definitions, without a firewall, most trojans can evade the security measures because no scanner is able to detect all of the hundreds of trojans that are circulating on the Internet. Last August, three local high school students were arrested for allegedly running SunSeven and NetSpy -- two well-known trojans -- to steal dial-up account passwords from compromised systems. According to the CIB, the teenagers were still beaming with pride during questioning when they described their attacks. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- College Hacker Arrested for Writing Taiwan's First 'Trojan' Virus InfoSec News (Jan 08)