The Zotob and Mytob worms allow hackers to take
remote control of infected computers.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have
discovered that one of the men arrested last week in
connection with the Zotob worm outbreak, which exploited a Microsoft
security hole, appears to be linked to over 20 other viruses.
18-year-old Farid Essebar, a Russian-born resident of Morocco,
was arrested by the authorities on Thursday 25 August, less than
two weeks after worms disrupted high-profile organizations around
the world. An alleged associate, Atilla Ekici, was detained in
Turkey and the authorities claim that he paid Essebar to write the
Essebar is believed to go by the handle "Diabl0", a phrase
embedded inside the W32/Zotob-A worm. It is
not unusual for malware authors to leave their handles inside their
malicious code, sometimes alongside other messages.
Sophos researchers have determined that over 20 other viruses
include the "Diabl0" handle, including:
Versions of the Mytob worm are currently dominating
worldwide virus reports - accounting for over 54% of all virus
reports to Sophos so far during August 2005.
"To the untrained eye the Mytob and Zotob worms can appear quite
different: one group of viruses travels via email, the other mostly
by exploiting a Microsoft security hole. But when examined by an
experienced virus analyst, the similarities become clear. It
appears whoever wrote Zotob had access to the Mytob source code,
ripped out the email-spreading section and plugged in the Microsoft
exploit," said Graham
Cluley, senior technology consultant for Sophos. "The Mytob
worms have made a significant impact on the virus outbreak charts
this year, so anything which may prevent future variants from being
developed and released must be welcomed. However, it's possible
that several people have access to the Mytob source code - so it
may not be the last we see of this internet scourge."
Sophos continues to recommend that companies protect all tiers
of their organization - their desktops, servers and email gateways
- with automatically updated anti-virus
software to reduce the risk of infection.