Monday, August 29, 2005

F-Secure: So who is Diabl0?

Mikko writes on the F-Secure "News from the Lab" Blog:

The big news of the weekend was the arrest of two guys related to the Zotob worms ("Diabl0" and "Coder").

But who are these guys really? And who's behind the other PnP worms that were found during the last two weeks?

Well, we know that "Diabl0" had also authored several of the Mytob variants since February this year. However, he's not behind all of them. There are around 70 known variants of Mytob and practically all of them create botnets of the infected machines. Some of these botnets have been controlled by unrelated groups, such as Blackcarder. And we've found new Mytob variants just yesterday, which obviously are not written by Diabl0. So several people have access to Mytob source code and have been making their own variants.

However, we do know that Diabl0 aka Farid Essebar was associated with 0x90-Team. For example, some earlier Mytob variants downloaded additional components from www.0x90-team.com/~diablo/.

The website of 0x90-team has been operating as an underground gathering site for bot authors for quite a while[...]
