US and UK arrests in computer worm probe

THr34t-Krew taken down

Two UK men were arrested this morning following police raids in the UK and US aimed at dismantling an international hacker group believed to have created a virulent computer worm.

Officers from the Durham Constabulary arrested a 19-year-old electrician and a 21-year-old unemployed man after seizing evidence related to computer and drugs offences during a raid on two addresses in County Durham this morning.

The pair are being interviewed today by officers of the UK's National Hi-Tech Crime Unit (NHTCU).

Police believe the two UK-based men are members of an international hacking group calling themselves the "THr34t-Krew".

The group has created an Internet worm, called the TK worm, which infected approximately 18,000 computers around the world, according to a statement by the NHTCU.

Investigators estimate the worm caused £5.5 million of disruption and damage to computer systems in the UK and overseas.

The operation against the THr34t-Krew group was jointly planned by officers from Durham Constabulary and the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team).

The California-based CATCH team consists of representatives from the United States Secret Service, Department of Justice, and the FBI among others.

While UK police were searching homes in County Durham, a simultaneous search warrant was executed at an address in Illinois, USA, where additional evidence in the case was seized and one man arrested.

None of the arrests are connected to the recent SQL Slammer Worm, the NHTCU states.

What the heck is the TK worm?

Antivirus experts we contacted were not immediately familiar with the TK worm, so (for now) we need to rely on a police description of the malicious code, which first came to the attention of the NHTCU in mid-January.

The worm known as the TK worm has been found to be present in a number of computers in the UK. The cost of the disruption is estimated at £5.5m.

Once connected to the Internet, the infected computer connects to a number of computers under the control of the THr34t-Krew, who are able to send commands to the infected hosts. These commands could range from scanning other computers for vulnerabilities to starting Distributed Denial of Service attacks on other computers and web sites. The TK worm is self-replicating and is able to spread itself across the Internet, distributing itself to other computers.

A search on Google for THr34t-Krew reveals one user's experiences of dealing with this worm but not much else. ®
