Zotob arrests point to cybercrime nexus

Jaikumar Vijayan   Today’s Top Stories   or  Other Spam, Malware and Vulnerabilities Stories  

The Secure Web Gateway. Mission Critical For Business Client Security Podcast Windows Vista® Migration: What Really Happens? A Customer's Perspective Learn How to Think Ahead of Attacks and Protect your Data For the Future IronPort Web Reputation Filters Tech Note IronPort Encryption Technology: Safeguarding Business Email Compterworld Technology Briefing: Intelligent Users Use Business Intelligence Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Sign up to receive Spam, Malware and Vulnerabilities Resource Alerts

August 30, 2005 (Computerworld) -- The expanding investigation into this month's Zotob worm outbreak is uncovering evidence of the growing nexus between worm writers and gangs looking to profit from cybercrime, according to security experts.
The FBI today confirmed that Turkish law enforcement officials are investigating 16 more suspects in connection with the Zotob worm and its variants.
This follows last Thursday's arrests of Farid Essebar, an 18-year-old Moroccan believed to have been responsible for writing the Zotob and Mytob worms, and Atilla Ekici, a 21-year-old man from Turkey who apparently financed the effort (see "Moroccan, Turk arrested over worm outbreak").
According to an FBI spokesman, the 16 individuals now being investigated are not believed to have any direct links to the actual creation and dissemination of the worms that hit several large organizations two weeks ago. Rather, "it looks more like they are associated with a credit card theft ring" possibly linked to the worms, he said.
The news is further evidence of the growing alliance between hackers and those seeking to profit from cybercrime, said Graham Cluley, a senior technology consultant at antivirus firm Sophos PLC.
"It is certainly something that we thought has been happening for some time," Cluley said. "What you are likely to see here over the next few days is the unravelling of an entire identity fraud gang."
According to Cluley, Sophos researchers have discovered that at least 20 other worms and viruses -- including multiple versions of Zotob and Mytob and a version of last year's prolific Mydoom worm -- were created by Essebar. All of these worms and viruses include the Diabl0 handle that Essebar used as a code name, he said.
Malware such as Zotob and Mytob are used by hackers to download so-called bot programs that allow remote servers to take control of compromised systems and steal information from them. The communication between an infected system and remote server is often done using the Internet Relay Chat (IRC) messaging protocol.
Mytob variants created by Diabl0 communicated with a server apparently owned by a group called the 0x90-team whose Web site discussed hacker exploits and credit card fraud, said Ken Dunham, a senior engineer at VeriSign iDefense Intelligence in Reston, Va. The site, which is registered to an individual in Paris, runs several online forums on how to make money by selling, buying and trading such information, he said.
Diabl0 had his own private directory on the Web server hosting the site, which he used to download the various variants of Mytob and other worms that he created, Dunham said.
According to one source who asked not to be named, the server belonging to the 0x90-team

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"The recent attacks in Mumbai were carried out by assailants using high tech methods. It’s just another way in which..." Read more... Read more Security posts or See all Blogs

Microsoft spells out Vista SP2 contents Clues point to Jan. 13 release of Windows 7 beta Transmitting data from the middle of nowhere More top stories...

Virtually every Windows PC at risk, says Secunia License server glitch exposes SonicWall users to e-mail security threats In high-tech schools of the future, Facebook in class is boosted -- not banned

Review: The new MacBook Air, now with extra SSD goodness Thin as ever, the latest Air offers up to twice the storage and snappy performance. Cool Stuff: Your 2008 Holiday Gift Guide We've got an array of economical, expensive, and just plain weird tech gifts for your friends and family. Massive botnet returns from the dead, starts spamming The spam-spewing 'Srizbi' botnet that was shut down two weeks ago has been resurrected and is again under criminal control, say security researchers. Elgan: Why you can't trust 'friends' on Facebook Facebook is popular and growing -- especially with criminals. Here's why they love it. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Managing Mobile Data with Endpoint Security for Laptops Download this white paper now, compliments of Computerworld and Absolute Software. (Source: Absolute Software) A NetworkWorld survey of IT professionals found that only 1 in 100 employees consistently follow data security policy. This paper outlines endpoint security for laptops that restricts data access beyond encryption to safeguard against insider threats and user error.Read this whitepaper to learn lessons from recent data breaches, limitations of traditional data security, and how to remotely wipe out data and monitor computers that go off the network. Download this executive briefing  Record Capacity for Microsoft® Exchange 2007 With VMware and IBM System x3850 M2 Download this white paper today! (Source: VMware) The more that e-mail becomes an entrenched IT infrastructure application, the more that messaging administrators face numerous--sometimes conflicting--demands in the categories of availability, flexibility and cost. Employing a virtual solution can help avoid expensive over-provisioning of server computing resources, while improving management and disaster recovery. And ultimately, it can more than double the number of supportable Exchange 2007 users, as compared to a non-virtualized environment. This whitepaper explains how to break down the scalability barrier and respond faster to your mail system needs. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. The Importance of Application Management Dell Client Migration and Deployment Services Windows® Enterprise Data Protection with Symantec Backup Exec" View more whitepapers

• Microsoft spells out Vista SP2 contents
• Virtually every Windows PC at risk, says Secunia
• Clues point to Jan. 13 release of Windows 7 beta
• More top stories