
US and UK arrests in computer worm probe

THr34t-Krew taken down


Two UK men were arrested this morning following police raids in the UK and US aimed at dismantling an international hacker group believed to have created a virulent computer worm.

Officers from the Durham Constabulary arrested a 19-year-old electrician and a 21-year-old unemployed man after seizing evidence related to computer and drugs offences during a raid on two addresses in County Durham this morning.

The pair are being interviewed today by officers of the UK's National Hi-Tech Crime Unit (NHTCU).

Police believe the two UK-based men are members of an international hacking group calling themselves the "THr34t-Krew".

The group has created an Internet worm, called the TK worm, which infected approximately 18,000 computers around the world, according to a statement by the NHTCU.

Investigators estimate that the worm caused £5.5 million of disruption and damage to computer systems in the UK and overseas.

The operation against the THr34t-Krew group was jointly planned by officers from Durham Constabulary and the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team).

The California-based CATCH team consists of representatives from the United States Secret Service, Department of Justice, and the FBI among others.

While UK police were searching homes in County Durham, a simultaneous search warrant was executed at an address in Illinois, USA, where additional evidence in the case was seized and one man arrested.

None of the arrests are connected to the recent SQL Slammer Worm, the NHTCU states.

What the heck is the TK worm?

Antivirus experts we contacted were not immediately familiar with the TK worm, so (for now) we need to rely on a police description of the malicious code, which first came to the attention of the NHTCU in mid-January.

The worm known as the TK worm has been found to be present in a number of computers in the UK. The cost of the disruption is estimated at £5.5m.

Once connected to the Internet, the infected computer connects to a number of computers under the control of the THr34t-Krew, who are able to send commands to the infected hosts. These commands could range from scanning other computers for vulnerabilities to starting Distributed Denial of Service attacks on other computers and web sites. The TK worm is self-replicating and is able to spread itself across the Internet, distributing itself to other computers.

A search on Google for THr34t-Krew reveals one user's experiences of dealing with this worm but not much else. ®
