Zotob Writer Had Busy Summer


One of the programmers arrested last week in connection with the Zotob worm outbreak may have authored at least 20 other worms, according to SophosLabs.

Researchers at the security firm believe that Farid Essebar was responsible
for writing a host of viruses in August.

Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, were arrested
Thursday in their respective countries and charged in connection with
writing and releasing the Zotob and Mytob worms, according to the FBI.

Zotob, a fast-moving virus, surfaced earlier this month shortly after
Microsoft warned of a security vulnerability affecting its Windows
Plug-and-Play. The worm, which exploited the Windows flaw, hit
several media outlets hard including ABC, CNN, The Associated Press and The
New York Times, among others.

Sophos said Essebar, who the FBI claims goes by the moniker “Diabl0,” embedded the title inside the Zotob-A worm.

It is not unusual for malware authors to leave handles inside their malicious code, sometimes alongside other messages, said Sophos. Researchers at the firm have determined that more than 20 other viruses include the Diablo handle, including Mydoom-BG and many versions of the Mytob worm.

“It appears that whoever wrote Zotob had access to the Mytob source code, ripped out the e-mail-spreading section, and plugged in the Microsoft exploit,” Graham Cluley, senior technology consultant for Sophos, said in a statement. “The Mytob worms have made a significant impact on the virus outbreak charts this year, so anything which may prevent future variants from being developed and released must be welcomed.”

Viruses now being attributed to “Diabl0” currently account for six of the top 10 positions, and more than 54 percent of all viruses reported to Sophos this month, the firm said.

“To the untrained eye the Mytob and Zotob worms can appear quite different:
one group of viruses travels via e-mail, the other primarily by exploiting a
Microsoft security hole. However, when examined by an experienced virus
analyst, the similarities become clear.” Cluley said.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web