
Zotob culprit found

Farid Essebar (alias Diabl0 online), an 18-year-old Russian-born Moroccan, was arrested in Morocco. Essebar may be linked to at least 20 other virus strains. At the same time, Atilla Ekici (alias Coder online), a 21-year-old Turk, was arrested in Turkey on Thursday 25 August 2005, according to FBI agents. Ekici could have paid Essebar to put the Zotob worm together. They will be prosecuted in those countries.

The Zotob worm is a variant of the Mytob virus with exploit code plugged into it that was written by a Russian hacker called houseofdabus. Exploit code produced by houseofdabus was also used by German teenager Sven Jaschan to create the Sasser worm, which struck on 1 May 2004.

The authorities in Morocco and Turkey have arrested two people believed to be responsible for unleashing a computer worm that infected networks at U.S. companies and government agencies this month. Microsoft provided the FBI and these government agencies with technical information and analytical support, which helped them gather evidence and arrest the people currently under suspicion. Law enforcement officers in Rabat, Morocco, and in Adana and Ankara in Turkey, arrested the people they consider responsible for the development and the spread of the worm on the Internet.

Another 14 suspects were arrested in Ankara, Turkey, according to Turkish press reports from Ankara and Istanbul. Security experts believe that the virus writers responsible for Zotob got their code from a group called the 0x90-team (pronounced 'zero ex ninety team'). The virus writers suspected of creating the Zotob and Mytob worms have been linked to this notorious network of malware creators. The 0x90-team.com website was a place where users could request and share malicious code such as the Zotob, Rbot and SDbot viruses. According to whois, 0x90-team.com was registered on 07-Oct-2004 to BURY, JACK 23 R Fbg St Antoine PARIS 75011 France. The server belonging to the 0x90-team is located in the U.S., and the group's Web site has been used as an underground gathering site for bot authors for quite a while. It runs several online forums on how to make money by selling, buying and trading such information. The site has since been shut down.

The following are postings on the site's forum, taken from Google Cache.

sack44
nah although i tried that, there is a much easier way
05.02.05 16:57

MaKaVeLi
fx0 <-n00b . Skyz defaced digital-pimps.org 0wNeD =P
05.02.05 04:07

DiablO (DiablO from sky2k4 team)
0x90-team.com/~diablo/
This is Diabl0's private directory on the Web server hosting the site, which he used to download the various worm variants that he created.
sack44 sql injection.
04.02.05 15:09

sack44
owned
02.02.05 14:11

fwprivate
aloo
30.01.05 17:16

kurt
dasK_ i think that he dont remembre you.. hehe he dont remember all pl who he rip
29.01.05 02:24

dasK_
Level... remember me LOL
31.12.04 02:29

b3a
where are you find a good and stable version of the rxbot ?
30.12.04 00:27

Level
rx_sky2k4_final and final2 are both renamed bots
30.11.04 06:43

rohlen
ne 1 with some good sht that u can send? contact me in tht case - rohlen gmail.com / 172126512.
12.11.04 15:12

spin
no!
31.10.04 14:22

xil
has someone good bot with good spreaders? like fast lsass or something better?
16.10.04 18:37

satanz
nice site guys . if u need more bots pm me i got some nice one
14.10.04 00:59

Updated On: 15.02.13