Information Security News mailing list archives

College Hacker Arrested for Writing Taiwan's First 'Trojan' Virus


From: InfoSec News <isn () C4I ORG>
Date: Sat, 6 Jan 2001 13:05:44 -0600

http://www.chinatimes.com.tw//english/esociety/90010501.htm

China Times Interactive
2001.01.06 2:52am Taiwan time updated

Taipei, Jan. 5 (CNA) Taiwan's Criminal Investigation Bureau (CIB)
announced Friday that its computer crimes division had arrested a
local college student for allegedly creating and spreading the
island's first "trojan" program called BirdSPY.

According to the CIB's Ninth Investigation Corps, which tackles
computer crimes, the student was found to have written a "trojan
client" that allows other hackers to gain remote control over
compromised computers that have been infected by a BirdSPY server --
the trojan horse in the setup.

Trojans communicate like typical clients and servers, with the victim
unknowingly running the server and the attacker sending commands to
the server via a client.

Claiming to be "punishing" hackers who choose to use his program
maliciously, the student, surnamed Chiu, also secretly embedded the
server itself within the client, making other hackers vulnerable to
his master client program when they activate BirdSPY to attack other
computers.

Police said that Chiu -- also known by his online alias "Birdman" --
confessed to designing the virus and embedding it in the 1,000 or more
pirated program CDs he had sold for NT$1,000 (US$30) each.

Chiu claimed that although he knows which computers have been infected
by his trojan, he has not used these "backdoors" to attack the
computers.

Police demanded that Chiu "atone" for his crime by designing another
program capable of detecting and removing BirdSPY. Anyone who needs
the trojan scanner can contact the Ninth Investigation Corps for a
copy, police added.

According to the CIB, reports of computer crimes involving stolen
passwords and unauthorized dial-up access have been on the rise
recently.

Trojans, also called Remote Administration Tools, or RATs, are all
designed differently, but most share common remote access functions
such as key-logging, password sending, screen shots, and
upload/download links.

RATs were originally created as tools to manage computer resources
remotely and they are not harmful to the systems by themselves, CIB
said. However, the bureau added that hackers are able to use the
trojans to delete files from remote computers, acquire otherwise
secure data such as passwords, and satisfy their voyeuristic whims by
monitoring what a remote user is doing on his or her computer.

CIB officials warned that even when a computer is armed with a virus
scanner with the latest virus definitions, without a firewall, most
trojans can evade the security measures because no scanner is able to
detect all of the hundreds of trojans that are circulating on the
Internet.

Last August, three local high school students were arrested for
allegedly running SubSeven and NetSpy -- two well-known trojans -- to
steal dial-up account passwords from compromised systems. According to
the CIB, the teenagers were still beaming with pride during
questioning when they described their attacks.

ISN is hosted by SecurityFocus.com