News Stories

FBI Wants Worm Information

The FBI is trying to get access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. Since November 24, Badtrans has violated the privacy of millions of Internet users, and the FBI would like to get hold of the information it has collected.

Victims of Badtrans are infected when they receive an email containing the worm in an attachment and either run the program by clicking on it, or use an email reader like Microsoft Outlook which may automatically run it without user intervention. Once executed, the worm replicates by sending copies of itself to all other email addresses it finds on the host?s machine, and is capable of stealing passwords, including those used for telnet, email, ftp, and the web. It also captures anything else the user may be typing, including personal documents or private emails.

The data stolen by Badtrans was sent to one of twenty-two email addresses, according to the FBI (anti-virus vendors have only reported seventeen email addresses). Among these are free email addresses at Excite, Yahoo, and IJustGotFired.com, a free service of MonkeyBrains. One address began receiving the emails at 3:23 p.m. on November 24. Triggering software automatically disabled the account after it exceeded its quota, and began saving messages as they arrived. The following day, the mail server was sluggish. Upon examination of the mail server?s logs, it was apparent that 100 emails sent per minute to the alias were the source of the problem. The mails delivered the logged keystrokes from over 100,000 compromised computers in the first day alone.

Last week the FBI contacted Rudy Rucker, Jr., the owner of MonkeyBrains, and requested a copy of the password database and keylogged data. The database includes only information stolen from the victims of the virus, not information about the perpetrator of the virus. With this information, the FBI would gain access to the illegally extracted passwords and keystrokes of over two million people. This is information that no one, not even the FBI, could legally gather themselves.

Rather than hand over the entire database to the FBI, MonkeyBrains has decided to open the database to the public. Now everyone (including the FBI) will be able query which accounts have been compromised and search for their hostnames. Password and keylogged data will not be made available.

Four days before the Badtrans infection began, it was revealed that the FBI is developing their own keystroke-logging virus, called Magic Lantern. It?s being made to complement the Carnivore spy system and will allow them to obtain a target?s passwords as they type them. This is a significant improvement over Carnivore, which can only see data after it has been transmitted over the Internet, at which point the passwords may have been encrypted.

To check if you?re on the database of hacked e-mails,click here.

NOTE: This news story, previously published on our old site, will have any links removed.


Subscribe to Unknowncountry sign up now