Forum sold identity-theft tools, swapped information about malware and manufacturing phony credit cards

Dark Reading Staff, Dark Reading

March 5, 2009

1 Min Read

Law enforcement officers in Germany have pulled the plug on a notorious Web forum where cybercriminals exchanged malware and password-stealing tools.

The Landeskriminalamt police Internet crime unit announced that it had shut down the forum, which had been used by cybercriminals to swap information on malware, spyware, and making phony credit cards, according to Sophos.

A 22-year-old Swiss man -- known online as "tr1p0d" and the alleged leader of the site -- reportedly sold password-stealing malware. Police confiscated from tr1p0d's apartment incriminating hard drives and's database of users and IP addresses.

Two German men, both in their 20s, as well, are suspected of infecting some 80,000 computers around the world with tr1p0d's so-called "Codesoft PW Stealer" Trojan, which steals passwords. They also allegedly sold the stolen data to other cybercriminals.

The stolen data was found on a server hosted at a German ISP, which led authorities to the two German suspects, according to a published report. The server housed user names and passwords of the victim machines, as well as online banking, auctions, or online payment account information.

"Obviously the authorities will be keen to identify victims as they put their case against the suspects together, and the public are being reminded of the importance of changing their passwords if they have been compromised," blogged Sophos' Graham Cluley.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights