Security firm Damballa says that when computer crime cops in Norway arrested five men last month in a joint operation with Europol, one of them was the creator of the MegalodonHTTP botnet used to launch distributed denial-of-service (DDoS) attacks against websites.
At the time of the arrest by Norway’s Kripos national criminal investigation service, little was known other than the men had been charged with possessing, using and selling malware including remote access trojans (RATs), and that they were aged between 16 and 24 years old.
Now Damballa says that it worked together with the Norwegian authorities over the space of a “few months” to track and identify the author of MegalodonHTTP.
MegalodonHTTP, perhaps the most clumsily-named botnet in existence, relied upon every Windows PC it tried to hijack into its DDoS botnet to have .NET installed and running by default – almost certainly limiting the number of victims it managed to successfully compromise.
Described by Damballa researchers as “skid malware” (malware for script kiddies), the fact that it was advertised for a low price on hacking forums inevitably made MegalodonHTTP attractive to some.
Damballa says that it is not at liberty to release the true identity of MegalodonHTTP’s author, who goes by the online handle of “Bin4ry”, but that he is no longer active or doing business.
If it’s true that another malware author’s activities have been curtailed then that’s good news, and we can only hope that other youngsters will be deterred from entering a life of cybercrime.
More details on MegalodonHTTP can be found in this Damballa blog post published last November.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.