The Metropolitan Police, acting in conjunction with Finnish law-enforcement authorities, arrested three suspected virus writers on Tuesday.
A 63-year-old man in Suffolk, a 28-year-old man in Scotland, and a 19-year-old man in Finland were arrested for "an international conspiracy to infect computers using viruses attached to unsolicited commercial email (spam)", according to a Metropolitan Police spokeswoman.
The Metropolitan Computer Crime Unit, the Finnish National Bureau of Investigation (NBI Finland) and the Finnish Pori Police Department collaborated to arrest the men, who are all suspected of being members of the M00P (M - zero - zero - P) cybercriminal gang.
A number of computers have been seized at residential addresses in England, Scotland and Finland, in addition to the suspects' servers, the Met said.
"This highly organised group are suspected of writing new computer viruses in order to avoid detection by antivirus products. They have been primarily targeting UK businesses since at least 2005, and during this time thousands of computers are known to have been infected across the globe," the spokeswoman said.
Antivirus vendors McAfee and Sophos believe the suspects may have been involved in writing a Trojan variously known as Stinx, Breplibot, and Rykanos. The Trojan was spammed out to many thousands of businesses, in an attempt to infect computers and compromise them. Once the computers were compromised, they could be controlled using Internet Relay Chat (IRC), a protocol used in instant online communication.
The computer viruses ran in the background on an infected computer without the knowledge of the computer's owner, allowing the criminals behind the virus to access any private and commercial data stored on the computer, according to the police.
The Metropolitan Police spokeswoman told ZDNet UK that businesses that suspect they have been affected by viruses written by the gang should contact their local police station.
According to Graham Cluley, senior security consultant for Sophos, "Stinx had a UK bent. Some of the spam would pretend to come from a UK petrol prices site."
McAfee's UK security consultant Greg Day said that as well as installing a backdoor, the Trojan would also attempt to hide itself by exploiting the rootkit-like properties of any Sony BMG digital rights management software installed on a system.
Cluley said the group could also have been responsible for writing a worm Sophos called "Tibick", written in 2004. The worm spread via file-sharing networks, and again created a backdoor and connected the compromised machine to an IRC channel.
Cluley said the group may have been involved in writing software designed to exploit computers previously compromised by other cybercrime gangs.
"They may have been involved in trying to release bot worms that exploited machines previously infected by Zotob and RBot, to take over compromised computers," said Cluley. "Rival gangs fight for the ownership of zombies. They find other botnets and take them over because they're such a valuable commodity. The OX90 gang that created Zotob would be natural rivals to M00P," Cluley told ZDNet UK.
The Metropolitan Police said that the international co-operation between the specialist law-enforcement units had produced "this really significant result."
"These men appear to be connected via an online company," said detective constable Bob Burls of the Metropolitan Police Computer Crime Unit in a statement.
"We believe the suspects created and adapted viruses with the aim of causing massive infection by spamming. Today's arrests will send a clear worldwide signal to the authors of malicious software that national borders will not limit the ability and commitment of law-enforcement authorities to clamp down on this criminal activity," Burls added.
Talkback
Correction. Today's arrests will send a clear worldwide signal that law enforcement is still focused on fighting symptoms with 'tip of the iceberg' results.
The answer lies not in centralized, complicated, sophisticated and uniform "solutions" focused on 'running behind the facts' but more in simple, straightforward, decentralized and diverse solutions focused on causes, prevention and damage control.
Some food for thought:
An ounce of prevention still beats a pound of cure.
Diversity and the ability to adjust makes for an unbeatable combination. Ask any (bio) pest control specialist.
If you can't handle the attackers then you might want to change the targets.
What planet are you on, Arthur B?
Tracking back trojans to source and nailing key members of a cybergang IS tackling the problem at source - and demonstrates not only a determination to deal with this problem in an effective manner. It also shows international co-operation between law enforcement organisations.
What do the organisations in question have to do to impress you, Arthur - hang draw and quarter the arrestees?
Sigh. Lord Grimm, perhaps you don't have any clue about the true possibilities of misinformation today's commonly used operating systems grants to anyone who knows how to exploit such possibilities.
When law enforcement is spending plenty of government resources (yours and mine tax money) on catching wannabees that don't know how to cover their tracks you might want to start wondering about who's fooling who.