International Police Snag Virus Suspects

Police in Canada and Taiwan have apprehended two suspects in connection with two separate cybercrimes: the Randex worm and the Peep.exe Trojan horse program, respectively.

A sixteen-year-old boy from Mississauga, Ontario, will appear in court on June 3 to face charges of computer fraud and mischief to data for helping distribute the Randex computer worm, according to a Royal Canadian Mounted Police spokesman.

The boy was issued a summons to appear in Youth Justice Court in Brampton, Ontario, following an RCMP investigation that linked him to a network of Randex-infected computers acting as robots, or "bots," says Sergeant George Wiegers of the RCMP's Integrated Technological Crime Unit.

Meanwhile, Taiwanese police have arrested a 30-year-old computer engineer surnamed Wang for allegedly writing a Trojan horse program called Peep.exe that was used by Chinese hackers to attack computers in Taiwan, according to a statement released by Taiwan's Criminal Investigation Bureau.

Worming In

The Randex worm spreads by breaking into poorly protected computers running Microsoft's Windows operating system. The worm first appeared last June and has since spawned dozens of variants, according to antivirus vendors.

Randex spreads on local area networks, exploiting Windows machines with weak passwords by trying to guess the password using a preprogrammed list of values, says F-Secure of Helsinki.

Once it infects machines, the worm alters the configuration of Windows so that the worm is launched whenever Windows starts. It also installs a backdoor on the infected machine that allows the worm's author or remote attackers to control the machine using commands issued over an Internet Relay Chat channel, F-Secure says.

International Investigation

The RCMP investigation followed a tip from law enforcement in a "foreign country" that led to the boy. The tip followed a complaint in that country about a network of IRC "bots," Wiegers says.

Wiegers declines to say which country the tip came from, but says he was not aware of any links between the Randex case and recent announcements from Germany about the arrest of the suspected author of the Sasser worm and Agobot Trojan horse program.

Wiegers also declines to comment on whether RCMP officers believed the boy was the Randex author or had searched the boy's house or seized any evidence in the case, citing the ongoing investigation.

Peeping Into PCs

The Chinese-language Peep.exe Trojan horse, also known as PeepBrowser.exe among other names, was allegedly distributed over the Internet by Wang to hackers in China, who used the program disguised as a small game to attack thousands of computers in Taiwan, CIB says. A Trojan horse is a computer program that appears to be innocuous but also performs an illegitimate function.

At least two major versions of the Trojan horse are known to have been developed, CIB says. The first version records keystrokes made on a computer and transmits keystrokes for passwords and other information, such as bank account numbers, to the distributor of the program. A second version of the program is more powerful, enabling hackers to take control of the computer remotely, including running applications, downloading files, and altering the system registry files, CIB says.

A utility from the CIB to remove known versions of Peep.exe can be downloaded from http://www.cib.gov.tw.
