German police on Friday arrested two men: an 18-year old man in Rotenburg in connection with the Sasser worm, and a 21-year old who confessed to creating a bot called Agobot or Phatbot.
A lot of folk believe the gang responsible for the Sasser worm may also be responsible for the Netsky worms, which have been infecting computer users for most of this year. Sophos’ Graham Cluley, for example, says, “If you scrutinize the most recent Netsky worm, you can see that the author embedded a taunt to anti-virus companies, bragging that he also wrote the Sasser worm. If this is the case, this could be one of the most significant cybercrime arrests of all time.”
Cluely goes on to say: “All these worms have been highly disruptive and complex, suggesting that the author isn’t working alone. Seizing this man’s computers could provide the vital clues that will bring down the infamous ‘Skynet’ virus-writing gang. We would not be surprised if more arrests follow in due course.”
What I’m interested in are claims that the people behind these attacks were not just doing it for fun, but for money, by setting up chains of zombie computers and then selling the connections to spammers and fraudsters. Could this also shed light on the Russian and Eastern European underworld, or are the groups not connected?