Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711

Zotob writer had busy summer

Zotob writer had busy summer

One of the programmers arrested last week in connection with the Zotob worm outbreak may have authored at least 20 other worms, according to SophosLabs. Researchers at the security firm believe that Farid Essebar was responsible for writing a host of viruses in August. Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, were arrested Thursday in their respective countries and charged in connection with writing and releasing the Zotob and Mytob worms, according to the FBI. Zotob, a fast-moving virus, surfaced earlier this month shortly after Microsoft warned of a security vulnerability affecting its Windows Plug-and-Play. The worm, which exploited the Windows flaw, hit several media outlets hard including ABC, CNN, The Associated Press and The New York Times, among others. Sophos said Essebar, who the FBI claims goes by the moniker "Diabl0," embedded the title inside the Zotob-A worm. It is not unusual for malware authors to leave handles inside their malicious code, sometimes alongside other messages, said Sophos. Researchers at the firm have determined that more than 20 other viruses include the Diablo handle, including Mydoom-BG and many versions of the Mytob worm. "It appears that whoever wrote Zotob had access to the Mytob source code, ripped out the Email-spreading section, and plugged in the Microsoft exploit," Graham Cluley, senior technology consultant for Sophos, said in a statement. "The Mytob worms have made a significant impact on the virus outbreak charts this year, so anything which may prevent future variants from being developed and released must be welcomed." Viruses now being attributed to "Diabl0" currently account for six of the top 10 positions, and more than 54 percent of all viruses reported to Sophos this month, the firm said. "To the untrained eye the Mytob and Zotob worms can appear quite different: one group of viruses travels via Email, the other primarily by exploiting a Microsoft security hole. However, when examined by an experienced virus analyst, the similarities become clear." Cluley said.

print this article

Return to internet news headlines
View Internet News Archive

Share with: