p2pnet - rss feed: Zotob linked to online ads
p2p news / p2pnet:- A chance to make a lot of money from online click-through ads may have been behind the recent Zotob outbreak.
“Every time an ad was sent to a user, Diabl0 would get credited” and with “Zotob being one of the worst outbreaks of 2005, Diabl0 could have expected a bumper payday.”
That’s literally the bottom line in what the BBC describes as a “rare insight into the lifestyle and motivations of criminal hackers”.
Hundreds of major companies including CNN and Microsoft in the US, and the Financial Times in Britain, were hit by the Zotob worm which wrought havoc by exploiting yet another critical Microsoft security fault.
As Bill and the Boyz phrased it in PR-speak, the Zotob MS05-39 Plug-and-Play vulnerability, “Could Allow Remote Code Execution and Elevation of Privilege”.
Farid Essebar, 18, from Morocco, and Atilla Ekici, 21, from Turkey, “are believed to have written and unleashed the Zotob and Mytob worms that hit the Internet less than two weeks ago, the FBI said in Washington on Friday,” says the BBC.
Essebar was said to have paid Ekici, originally from Russia, to create Zotob but, “Pete Simpson from mail-filtering firm Clearswift doubted that the pair were technically skilled because they used code snippets generated by others to make the variants,” says the story, which includes a clip snagged by “Almost by accident David Taylor, a senior information security specialist at the University of Pennsylvania” of an online conversation with a malicious hacker that [sic] went by the name of Diabl0.
[DiablO] that worm spread only for money
[Taylor] you should think about joining the other side of this…lots of fun fighting hackers…the thrill is even better
[DiablO] we dont care if user removed worm
[Taylor] oh, ok…that malware…toolbar thing!! i understand now
[DiablO]
[Taylor] so, do you get paid for the ‘click’?
[DiablO] no
[Taylor] how you make money then? i am confused…curious
[DiablO] it low setting of ie
[DiablO] ratio of install is 1:1
[DiablO]
[Taylor] but you get paid for someone visiting a site
[Taylor] that is a good ratio
Essebar, whose nick was reportedly Diabl0, is also suspected of having written variants of the Mydoom, and Mytob viruses and, “According to anti-virus firm Sophos, the Zotob worm is a variant of the Mytob virus which had plugged in to it exploit code written by a Russian hacker called houseofdabus.”
And houseofdabus was, in turn, used by Sven Jaschan to create the Sasser worm which struck on 1 May 2004, the BBC points out.
However, Essebar and Ekici were, “probably taken aback” by the response the worm generated, continues the BBC. “It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created.”
Diabl0, “said he would be paid by the pop-up ad makers for every user hit,” adds the story.
“Even if the compromised users managed to remove the virus, bragged Diabl0, the settings would likely go unchanged and the stream of unwanted adverts would continue.”
Something you think we should know? tips[at]p2pnet.net
See:-
BBC - Money motive drove virus suspects, September 5, 2005
PR-speak - Microsoft Zotob wreaks havoc, August 17, 2005
Diabl0 - Zotob dragnet extended, August 31, 2005
Sven Jaschan - Sasser worm author sentenced, July 8, 2005
