Security firm MessageLabs says it has detected a new variant of the Mytob
worm and intercepted 72 copies since early Wednesday.
While similar to previous Mytob variants, the latest worm appears to have
been compiled using more recent code than that used by its creator,
the hacker known as Diabl0, according to MessageLabs.
Last week, Diabl0, also known as Farid Essebar, 18, of Morocco, and Atilla
Ekici, 21, of Turkey, were arrested in their respective countries in connection with writing and releasing
the Zotob and Mytob worms into the wild, according to the FBI.
Zotob, a swift-moving virus, arrived earlier this month shortly after Microsoft warned that a possible security vulnerability affecting its Windows plug-and-play could be exploited. The worm did just that, hitting several media outlets hard, including ABC, CNN, The Associated Press and The New York Times, among others.
Essebar and Ekici, who is known as “Coder,” are
suspected to have worked together on the viruses.
Security firm Sophos said the moniker “Diabl0” was embedded inside
the Zotob.A worm.
References to Diabl0 have been removed from the code, according to
MessageLabs. However, the payload of the new virus has been encrypted to make
detection by anti-virus software difficult.
The malicious code delivers its payload by copying itself to the Windows
system directory under the name “xDcc.exe” and adding the value “WINDOWS