Scottish hacker jailed for 18 months after widespread malware attack

Graham Cluley
Graham Cluley
@[email protected]

Scottish hacker jailed for 18 months after widespread malware attack

A 33-year-old father of five has been sentenced to 18 months in prison, after spreading malware around the world via millions of spammed out emails.

Matthew Anderson, from Drummuir, Aberdeenshire, was a member of the m00p virus-writing gang spreading malware in 2005 and 2006 including the Stinx Trojan horse, which was spammed out widely across the globe.

The Stinx Trojan horse contained a reference to the M00P gang inside its code
The Stinx Trojan horse contained a reference to the m00p gang inside its code.

Other attacks distributed by the international gang included bogus messages which pretended to come from Finnish anti-virus firm F-Secure, tasteless fake emails which posed as CCTV images of a campus rapist, and allegations that George W Bush and Tony Blair were conspiring over oil prices.

All of these were designed to tempt users into clicking on the malicious attachments. Victims of the m00p gang were not limited to home users – hospitals and universities were also struck by the malware attacks.

Once infected by malware from the m00p gang, infected computers could be accessed by remote hackers to steal personal information such as CVs, private photographs, wills, sensitive medical reports and password lists. Victims could even be spied upon via webcams once a backdoor had been opened on the affected computers – webcam images described as “potentially compromising” were found on Anderson’s hard drive.

Sign up to our free newsletter.
Security news, advice, and tips.

Southwark Crown Court was told that Anderson carried out the hacking because he enjoyed the feeling of power it gave him.

The offences of Anderson, who used the online handles “aobuluz” and “warpigs”, were described by sentencing Judge Geoffrey Rivlin as being on an “almost unimaginable scale”.

BBC News reports the judge as saying to Anderson:

“Your motivation throughout, apart from the relatively small sums of money that you obtained by way of payment from the business leads, was the pleasure and satisfaction that you derived from achieving such a massive invasion into the personal lives of so many others and also the sense of power that invasion gave you.”

“Whilst you may not have been engaged in fraud, it is fair to say that in an age in which computers play such an important part in the lives of so many people and businesses, an offence of this nature inevitably raises great concern and consternation.”

Detective Constable Bob Burls, who lead the investigation by the Police Central e-Crime Unit, was formally commended by Judge Rivlin.

The PCeU and other international computer crime authorities should be congratulated for investigating this lengthy and involved case and bringing some of its perpetrators to justice.

There needs to be more co-operation around the world to fight cybercrime, and governments need to provide the appropriate funding to investigators to send out a clear message that they’re not being soft on those who abuse the internet.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.