Information Security News mailing list archives

How the M00p Malware Gang Was Brought Down


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 7 Oct 2011 02:35:16 -0500 (CDT)

http://www.wired.com/threatlevel/2011/10/m00p-takedown/

By Kim Zetter
Threat Level
Wired.com
October 5, 2011

It’s rare that malware-writing crews get arrested for creating the tools that criminals use.

But a presentation at the Virus Bulletin conference in Spain this week described an extensive operation in which law enforcement agents worked successfully with the Finnish anti-virus firm F-Secure to catch two members of the M00p gang, makers of malware that allowed criminals to steal passwords and proprietary documents, remotely control web cams and commandeer computers for use as spambots.

Detective Constable Bob Burls of the Police Central e-Crime Unit in the United Kingdom described, along with F-Secure Chief Research Officer Mikko Hypponen, how “Operation Kennet” was ultimately able to identify two members of the M00p gang — Matthew Anderson and Artturi Alm — which operated from 2004 to 2006. The Finnish company F-Secure got involved in part because M00p crafted malware-infected e-mails that were designed to look like they came from F-Secure.

According to Sophos’ Graham Cluley, who attended the presentation, Burls came onto the case while investigating an intrusion at a hospital that was infected with a piece of M00p botnet malware. He discovered that the botnet communicated with a domain registered to one warpiglet () gmail com. That address was soon linked to Anderson, a 33-year-old father of five from Scotland, and his company Opton-Security, which purported to be a computer security firm.

[...]
