Scottish hacker jailed for 18 months after widespread malware attack

Filed Under: Botnet, Law & order, Malware

A 33-year-old father of five has been sentenced to 18 months in prison, after spreading malware around the world via millions of spammed out emails.

Matthew Anderson, from Drummuir, Aberdeenshire, was a member of the m00p virus-writing gang spreading malware in 2005 and 2006 including the Stinx Trojan horse, which was spammed out widely across the globe.

The Stinx Trojan horse contained a reference to the M00P gang inside its code
The Stinx Trojan horse contained a reference to the m00p gang inside its code.

Other attacks distributed by the international gang included bogus messages which pretended to come from Finnish anti-virus firm F-Secure, tasteless fake emails which posed as CCTV images of a campus rapist, and allegations that George W Bush and Tony Blair were conspiring over oil prices.

All of these were designed to tempt users into clicking on the malicious attachments. Victims of the m00p gang were not limited to home users - hospitals and universities were also struck by the malware attacks.

Once infected by malware from the m00p gang, infected computers could be accessed by remote hackers to steal personal information such as CVs, private photographs, wills, sensitive medical reports and password lists. Victims could even be spied upon via webcams once a backdoor had been opened on the affected computers - webcam images described as "potentially compromising" were found on Anderson's hard drive.

Southwark Crown Court was told that Anderson carried out the hacking because he enjoyed the feeling of power it gave him.

The offences of Anderson, who used the online handles "aobuluz" and "warpigs", were described by sentencing Judge Geoffrey Rivlin as being on an "almost unimaginable scale".

BBC News reports the judge as saying to Anderson:

"Your motivation throughout, apart from the relatively small sums of money that you obtained by way of payment from the business leads, was the pleasure and satisfaction that you derived from achieving such a massive invasion into the personal lives of so many others and also the sense of power that invasion gave you."

"Whilst you may not have been engaged in fraud, it is fair to say that in an age in which computers play such an important part in the lives of so many people and businesses, an offence of this nature inevitably raises great concern and consternation."

Detective Constable Bob Burls, who lead the investigation by the Police Central e-Crime Unit, was formally commended by Judge Rivlin.

The PCeU and other international computer crime authorities should be congratulated for investigating this lengthy and involved case and bringing some of its perpetrators to justice.

There needs to be more co-operation around the world to fight cybercrime, and governments need to provide the appropriate funding to investigators to send out a clear message that they're not being soft on those who abuse the internet.

, , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.