Agobot malware case redux

Filed Under: Law & order, Malware

The botnet computers launched a denial-of-service attack

Way back in 2004, Sophos reported on the arrest of a German man accused of creating the Agobot Trojan horse, that turned PCs into a botnet of compromised computers for the purposes of distributed denial-of-service (DDOS) attacks.

Axel Gembe was originally apprehended by the German authorities in the southern town of Waldshut on 7 May 2004, and put behind bars as the authorities feared he might be planning to leave the country to avoid military service.

Gembe, now 25, and Lee Graham Walker, a 24-year-old Brit, were indicted on Thursday by a grand jury in Los Angeles, California, on counts of conspiracy and intentionally damaging a computer system. If found guilty they could face up to 15 years in prison.

Gembe and Walker are alleged to have been hired by Jay Echouafni, the owner of a Massachusetts-based satellite TV systems company, to launch DDOS attacks against business rivals. According to legal documents, one of the affected companies suffered $200,000 worth of damages as a result of having their website blasted off the internet.

Echouafni is still at large, and is speculated to be residing in Morocco.

When the German authorities tried Gembe in 2006, he managed to escape with a probational sentence, as prosecutors struggled to produce evidence of the total financial damage done by his malware around the world. It will be interesting to see how a case run by the American authorities fares in comparison.

If Axel Gembe's name is familiar to you then it could be that you remember that he was the hacker who broke into the internal network of games developer Valve, and stole the source code of Half-Life 2 in September 2003.

To learn more about the Agobot case, read this report by Jeremy Kirk of IDG: "Two Europeans Charged in US Over DDOS Attacks".

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.