Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Zotob author also wrote Mytob

Zotob author also wrote Mytob

by Nikola Strahija on August 30th, 2005 Farid Essebar, arrested last week over the Zotob worm outbreak, has been linked to the creation of 20 other viruses.


Essebar (18) was arrested by investigators last Thursday, less than two weeks after Zotob worms exploited recently-discovered Windows flaws to disrupt high profile organisations around the world. His supposed accomplice, Atilla Ekici, allegedly paid Essebar to create the worms. Police investigating the case has arrested Ekici in Turkey.

Essebar is believed to use the nick-name "Diabl0", a phrase embedded inside the Zotob-A worm. Sophos researchers have determined that over 20 other viruses include the "Diabl0" handle, including numerous variants of the Mytob worm (a code cousin to Zotob) as well as a MyDoom variant, MyDoom-BG.

-Until the authorities recover source code from the suspect's computers there won't be any hard evidence but the use of the 'Diabl0' handle is circumstantial evidence of linkage. Virus writers tend to sign their work like graffiti artists, said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

-To the untrained eye the Mytob and Zotob worms can appear quite different: one group of viruses travels via email, the other mostly by exploiting a Microsoft security hole. But when examined by an experienced virus analyst, the similarities become clear. It appears whoever wrote Zotob had access to the Mytob source code, ripped out the email-spreading section and plugged in the Microsoft exploit, he added.

Numerous security experts agree that more than one person had access to the Mytob source code and that Diabl0 is the likely author of several of the Mytob variants since February this year, but not the sole author. F-Secure has found Mytob variants written after Essebar's arrest, backing up their theory that multiple virus authors are involved in distributing the malware strain. But there's strong suspicion that Diabl0 is a significant player.

Some earlier Mytob variants downloaded additional components from a site associated with the 0x90-Team, an underground gathering site for bot authors. -Diabl0 aka Farid Essebar was associated with 0x90-Team, said F-Secure.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »