Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Weekly Brief
Daily Downloads
Daily Technology News
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Worms

Zotob Arrests Highlight Cybercrime Organization

Investigation shows how worm writers and Web gangs work together, experts say.

Jaikumar Vijayan, Computerworld

Wednesday, August 31, 2005 7:00 AM PDT
Recommend this story?
Yes
No

The expanding investigation into this month's Zotob worm outbreak is uncovering evidence of the growing nexus between worm writers and gangs looking to profit from cybercrime, according to security experts.

The FBI this week confirmed that Turkish law enforcement officials are investigating 16 more suspects in connection with the Zotob worm and its variants.

This follows last week's arrests of Farid Essebar, an 18-year-old Moroccan believed to have been responsible for writing the Zotob and Mytob worms, and Atilla Ekici, a 21-year-old man from Turkey who apparently financed the effort.

According to an FBI spokesperson, the 16 individuals now being investigated are not believed to have any direct links to the actual creation and dissemination of the worms that hit several large organizations two weeks ago. Rather, "it looks more like they are associated with a credit card theft ring" possibly linked to the worms, he says.

The news is further evidence of the growing alliance between hackers and those seeking to profit from cybercrime, says Graham Cluley, a senior technology consultant at antivirus firm Sophos.

"It is certainly something that we thought has been happening for some time," Cluley says. "What you are likely to see here over the next few days is the unraveling of an entire identity fraud gang."

Searching for the Source

According to Cluley, Sophos researchers have discovered that at least 20 other worms and viruses--including multiple versions of Zotob and Mytob and a version of last year's prolific Mydoom worm--were created by Essebar. All of these worms and viruses include the Diabl0 handle that Essebar used as a code name, he says.

Malware such as Zotob and Mytob are used by hackers to download so-called bot programs that allow remote servers to take control of compromised systems and steal information from them. The communication between an infected system and remote server is often done using the Internet Relay Chat (IRC) messaging protocol.

Mytob variants created by Diabl0 communicated with a server apparently owned by a group called the 0x90-team whose Web site discussed hacker exploits and credit card fraud, says Ken Dunham, a senior engineer at VeriSign iDefense Intelligence in Reston, Virginia. The site, which is registered to an individual in Paris, runs several online forums on how to make money by selling, buying and trading such information, he says.

Diabl0 had his own private directory on the Web server hosting the site, which he used to download the various variants of Mytob and other worms that he created, Dunham says.

According to one source who asked not to be named, the server belonging to the 0x90-team is located in the U.S. And, according to antivirus firm F-Secure in Finland, the group's Web site has been used as an underground gathering site for bot authors for quite a while.

A code analysis of the Zotob.A worm and a couple of other variants shows that it was controlled by an IRC server named diabl0.turkcoders.net, Cluley says. The code contained a personal greeting to a person called Coder, which was the handle used by Ekici, the Turk arrested last week.

"That points to the guy in Turkey, who is alleged to have paid the worm author for writing Zotob," Cluley says.


Computerworld
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.


Recommend this story?
Yes
No
Related Searches: zotob worm windows arrest profit

Comments
Related Content
HP Ink Center
Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
CDW Solution Center
Deliver speed and scalability in your storage systems. Find out how at the CDW Solution Center.
Asus Notebook Center
Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more at the Asus Resource Center.
Intel Processor Technology
Which Intel Processor is Right for You?
Which Intel Processor is Right for You?Centrino, Core 2 Duo, Core 2 Quad, Core 2 Extreme? Check out the Intel Technology Center for more info...
Are you a gamer?
Are you a gamer?Visit the Intel's Gaming section for the latest downloads, hottest gaming events and to learn about Intel & Gaming.
See what Intel can do for Vista...
See what Intel can do for Vista...Discover how Windows Vista technology work in the benchmarks with Intel Centrino processor technology.
VoIP Web Demo
Join Altigen for a Live Web Demo and learn how VoIP technology can improve your business communications.
The Future Sales Force - A Consultative Approach
This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ.
Latest News
Verizon Wins $678.5 Million Homeland Security Contract
Verizon will provide Internet protocol and security services, as well as emergency communications services to help the department respond quickly to disasters. 16-May-2008
Florida Seeks to Fine Verizon for Bad Service
Florida's attorney general said on Thursday the state was seeking to fine Verizon for violating service standards. 16-May-2008
RIM Will Launch Touch-Screen BlackBerry in Q3: Report
The device, known as the Thunder, is to be sold exclusively through Verizon Wireless in the U.S. and Vodafone abroad. 16-May-2008
Bogus Grand Theft Auto IV Contains Trojan
Hundreds of Grand Theft Auto IV fans eager to get their hands on a free copy of the game have been targeted by a Trojan virus. 16-May-2008
Apple Dismisses Safari Download Issue
A security researcher has published a demonstration exploit that takes advantage of the download mechanism in Apple's Safari. 16-May-2008
NASA Moves to Save Computers From Swarming Ants
A flood of voracious ants is heading straight for Houston, taking out computers, radios and even vehicles in their path. 16-May-2008
Online Maps Reveal Noise Levels Across England
Maps showing noise levels in towns across England were published on Friday in an attempt to reduce the disruption caused by factories, planes, trains and cars. 16-May-2008
Konami to Release Rock Revolution This October
Unveiled at the Konami Gamer's Night on Wednesday, Rock Revolution was confirmed for release on Xbox 360, PS3, Wii, and DS. 16-May-2008
Sega Announces Trio of Games for Wii, DS, 360 and PS3
A fourth unannounced game, being developed by Resident Evil creator Shinji Mikami, is also in the works. 16-May-2008
Wii Outsells All Non-Nintendo Systems Combined in April
According to NPD data released Thursday, Nintendo sold an incredible 714,000 Wiis last month. 16-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)