Taiwanese Trojan Author Arrested

Police in Taiwan have arrested Wang An-ping, a 30-year-old man who reportedly admitted to authoring Trojan code later used to steal and destroy information on government-owned computers.

Wang reportedly told police that he developed the software as a commercial venture but eventually posted the code for free on the Web, including to some Chinese-language hacking sites.

The arrest marks the second major capture of the week in the information security enforcement arena.

Also in custody is a Canadian teenager who is accused of helping to distribute the Randex worm, which attacks unprotected machines running Microsoft Windows. Police tracked the 16-year-old, who is charged with mischief and fraudulent use of a computer, through a series of “bots” used to relay the malicious code.

Some 20 variations on the Randex worm have been identified since last summer. The most recent, labeled Randex.OL by Symantec, was spotted in March of this year.

Peeping Code

The Taiwan arrest represents a break in what has been seen as a serious case of hacking by authorities after Chinese hackers used the Peep code to break into government computers, steal protected data and then destroy that information.

The Peep code reportedly was disguised as a game program and has been developed into two different Trojans. The first is a sniffer program that records keystrokes made on a computer, including such information as bank account numbers and passwords, and transmits them back to the program’s distributor.

A second, more powerful version enables hackers to take control of a compromised computer remotely, including running applications, downloading files and altering the registry files.

Unsung Malware

According to the Symantec Web site, the Peep Trojan has not been found in any computers outside of Asia. A Trojan is a malicious program masked by another program, often a free download that entices users. In most cases, it must be activated manually by an unwitting computer user.

“Trojans are really the unsung story of malicious code,” iDefense director of malicious code Ken Dunham told the E-Commerce Times. “There’s thousands of Trojans we never hear about.”

Dunham said one of the interesting wrinkles in the Taiwan case is the use of the Trojan code in an apparent case of political “hacktivism.” “We’re seeing Trojans play a big role in that kind of politically or religiously motivated attacks,” he said.

Harsh Sentence Possible

Graham Cluley, senior technology consultant at security firm Sophos, told the E-Commerce Times that Wang’s reported claims that he intended no harm do not ring true and that a harsh sentence is likely.

Neel Mehta, an Internet Security Systems X-Force research engineer, agreed that although creation of Trojan code is a “legal grey area,” law enforcement likely will seek to have Wang punished in some way to send a message.

“The problem of Trojans is significant enough that law enforcement needs to do something about it,” Mehta told the E-Commerce Times.

Don’t Click Here

While Trojans often do not receive as much attention as worms, they can be just as destructive if they succeed in tricking recipients into executing their code, often giving hackers remote control and access to computers or entire networks.

Sophos has tracked several widespread Trojan outbreaks this year, including some that are also “phishing” attacks attempting to dupe users into revealing bank account numbers. Other recent Trojans include programs disguised as fixes to common computer viruses and those promising free pornographic images.

“It would be wrong to underestimate the menace of Trojan horses,” Cluley said. “Because they don’t spread themselves, they often bring less attention, but Trojan horses can open backdoors onto computers which allow a remote hacker to gain access. Once a hacker has control over your computer, they could use that power to send spam, launch a denial-of-service attack against another Web site or steal confidential information.”

The Best Defense

Cluley said the Trojan is unlikely to appear in the West because most antivirus programs already have been updated to detect it.

“The best defense would be if people who use computers on networks were educated not to open executable files that come in via e-mail and not to download software without the approval of the IT department,” Cluley said. “The IT department should help ensure that all computers are properly protected with firewalls, Microsoft security updates and antivirus software to reduce the risk of Trojan horse attack.”