Zotob dragnet extended
p2pnet.net News:- The Microsoft Plug-and-Play (MS05-039) Zotob worm outbreak may end up being the biggest virus bust in history.
“Diabl0” and “Coder” have already been arrested and, “The FBI said the Turkish authorities have identified 16 more individuals as suspects in the recent Zotob and the Mytob worm attacks,” according to Red Herring.
However, the FBI’s cyber division said no additional arrests had yet been made.
Atilla Ekici (Ekiji), 21, was arrested in Turkey and Russian-born Farid Essebar, 18, was arrested in Morocco, says Mosnews, pointing out they’ll be prosecuted in those countries. Essebar wrote the code, and Ekici paid him for it, the story quotes the FBI as saying. And the agency also, “hinted that larger forces may be at work”.
But who are these guys really? – asks F-Secure. And who’s behind the other PnP worms that were found during the last two weeks?
“Well, we know that ‘Diabl0’ had also authored several of the Mytob variants since February this year,” says research director Mikko Hypponen. “However, he’s not behind all of them. There’s around 70 known variants of Mytob and practically all of them create botnets of the infected machines.
“Some of these botnets have been controlled by unrelated groups, such as Blackcarder. And we’ve found new Mytob variants just yesterday, which obviously are not written by Diabl0. So several people have access to Mytob source code and have been making their own variants.”
What is known, continues Hypponen, is that Diabl0, aka Farid Essebar, was associated with 0x90-Team.
“The website of 0x90-team has been operating as an underground gathering site for bot authors for quite a while,” he says. “Interestingly enough, right after Diabl0 and Coder were arrested, someone defaced the site with an educational message – and a threat: ‘If you continue to hold this place to train script kiddies, we will come back’.”
Speaking of script kiddies, Microsoft paid out $250,000 in bounty money to get the identity of the creator of the Sasser worm which reigned supreme for some months and was described as the worst e-virus outbreak ever. Its author, Sven Jaschan, 19, was found guilty of computer sabotage and given a one year suspended sentence.
No details have been released about Microsoft’s role in tracking down the Zotob perpetrators – other than the fact that a critical Windows security hole let the Zotob worm in to begin with – but you can bet Bill and the Boyz, and investigators employed by them, are working right alongside the police.
Meanwhile, Zotob has not only swept the Net, infecting the likes of Microsoft itself and CNN, it’s continuing to keep the mainscream scribes happy with headlines such as:
Zotob author may be virus mastermind, says Techworld.com UK. And Cyber-cops arrest 16 more Zotob suspects, promises VNUNet.com in The Netherlands, although there’s no mention of arrests and the story in fact contradicts its own headline with, “The arrests of two people last week could lead to the break-up of a much larger internet gang. No further arrests have been announced as yet.”
Accused Zotob Hacker May Be Behind 21 Other Worms, says InformationWeek, and Zotob worm linked to credit card fraud ring, says ZDNet.
See:-
MS05-039 – Zotob worm attacks clarified, August 18, 2005
Red Herring – 16 Sought in Zotob Gang Dragnet, August 30, 2005
Mosnews – Russian-Born Suspect Arrested for Unleashing Zotob Worm, August 30, 2005
F-Secure – So who is Diabl0?, August 29, 2005
bounty money – Sasser worm author sentenced, July 8, 2005





