RealTime IT News

Mytob Variant Still Trolling The Web

Security firm MessageLabs says it has detected a new variant of the Mytob worm and intercepted 72 copies since early Wednesday.

While similar to previous Mytob variants, the latest worm appears to have been compiled using more recent code than that used by its creator, the hacker known as Diabl0, according to MessageLabs.

Last week, Diabl0, also known as Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, were arrested in their respective countries in connection with writing and releasing the Zotob and Mytob worms into the wild, according to the FBI.

Zotob, a swift-moving virus, arrived earlier this month shortly after Microsoft warned that a possible security vulnerability affecting its Windows plug-and-play could be exploited. The worm did just that, hitting several media outlets hard, including ABC, CNN, The Associated Press and The New York Times, among others.

Essebar and Ekici, who is known as "Coder," are suspected to have worked together on the viruses.

Security firm Sophos said the moniker "Diabl0" was embedded inside the Zotob.A worm.

References to Diabl0 have been removed from the code, according to MessageLabs. However, the payload of the new virus has been encrypted to make detection by anti-virus software difficult.

The malicious code delivers its payload by copying itself to the Windows system directory under the name "xDcc.exe" and adding the value "WINDOWS SYSTEM UPDATE."