|
- A new Internet virus targeting recently uncovered flaws in Microsoft Corp.'s Windows operating system is circulating on the Internet, an anti-virus computer software maker said on Monday.The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software last week, including one that could allow attackers to take complete control of a computer. Trend Micro Inc. said that the worm exploits security holes in Microsoft's Windows 95, 98, ME, NE, 2000 and XP platforms and can give computer attackers remote access to affected systems. "Hundreds of infection reports were sighted in the United States and Germany," Tokyo-based Trend Micro said. But computer security engineers at Microsoft said that the worm is only targeting Windows 2000 and not the other versions of Windows. "It only affected Windows 2000," said Stephen Toulouse, a manager at Microsoft's Security Response Center. "So far its has shown a very limited impact -- we're not seeing any widespread impact to the Internet, but we remain vigilant." The latest virus drops a copy of itself into the Windows system folder as BOTZOR.EXE and modifies the system's host file in the infected user's computer to prevent the user from getting online assistance from anti-virus Web sites, Trend Micro added. The worm can also connect to a specific Internet relay chat server and give hackers remote control over affected systems, which can be used to infect other unpatched machines in a network and slow down network performance. "Since most users may not be aware of this newly announced security hole so as to install the necessary patch during last weekend, we can foresee more infections from WORM_ZOTOB," it said. Last Tuesday, Microsoft issued patches to fix its security flaws as part of its monthly security bulletin. The problems affect the Windows operating system and Microsoft's Internet Explorer Web browser. Microsoft has warned that an attacker could exploit a vulnerability in its Internet Explorer Web browser, lure users to malicious Web pages and could run a software code on the user's PC giving the attacker control of the affected computer. Computer users should update their anti-virus pattern files and apply the latest Microsoft patches to protect their computer systems, Trend Micro said. More than 90 percent of the world's PCs run on the Windows operating system and Microsoft has been working to improve the security and reliability of its software. |
|
Accused computer virus writers arrested http://news.ft.com/c.gif Moroccan and Turkish authorities have arrested two men believed to have written and released the Zotob computer worm that created havoc on networks at more than 100 US and other corporations almost two weeks ago. // The two men, a Moroccan and a Turk, were arrested after Microsoft, the software maker, tracked the worm’s electronic trail across the internet and passed on its findings to the US Federal Bureau of Investigation. Authorities said it was believed Atilla Ekici, 21, of Turkey, released Zotob across the internet after paying Farid Essebar, 18, of Morocco, to write the computer worm. Zotob caused computer shutdowns at more than 100 companies, including media outlets such as CNN, The New York Times and Financial Times. The worm also contained a back-door Trojan, which allows hackers to secretly take control of infected computers at a later date. Authorities said there was as yet no evidence to indicate the case involved identity theft or bank fraud, although the investigation was continuing. Brad Smith, general counsel at Microsoft, noted that hackers who tried to plant back-door Trojans usually wished to avoid calling attention to themselves. “They clearly failed to take control of people’s computers, because when you cause computers to shut down, you aren’t going to be very successful.” Whoever released the worm “hadn’t quite perfected the technology”, he said. The FBI said the two men, who face charges in their home countries, were also believed to have been involved in the earlier release of at least two other computer worms. The two men are thought to have worked together via the internet but officials were not sure if they had met face to face. The FBI said there was no evidence yet to suggest the two were working with a large organisation. Speculation they were both involved in the MyDoom attack last year was not confirmed by the FBI. The Bureau said cyber crime laws in Morocco and Turkey were are not as advanced as in the US, although the two men could be charged under consumer protection or consumer fraud statutes. The FBI also said it was too early to assess monetary damages from the Zotob attack |
|
The expanding investigation into this month's Zotob worm outbreak is uncovering evidence of the growing nexus between worm writers and gangs looking to profit from cybercrime that security experts have been warning about. The FBI today confirmed that Turkish law enforcement officials are investigating 16 more suspects in connection with the Zotob worm and its variants. This follows last Thursday's arrests of Farid Essebar, an 18-year-old Moroccan believed to have been responsible for writing the Zotob and Mytob worms, and Atilla Ekici, a 21-year-old man from Turkey who apparently financed the effort. According to an FBI spokesman, the 16 individuals now being investigated are not believed to have any direct links to the actual creation and dissemination of the worms that hit several large organizations two weeks ago. Rather, "it looks more like they are associated with a credit card theft ring" possibly linked to the worms, he said. The news is further evidence of the growing alliance between hackers and those seeking to profit from cybercrime, said Graham Cluley, a senior technology consultant at antivirus firm Sophos PLC. "It is certainly something that we thought has been happening for some time," Cluley said. "What you are likely to see here over the next few days is the unravelling of an entire identity fraud gang." According to Cluley, Sophos researchers have discovered that at least 20 other worms and viruses -- including multiple versions of Zotob and Mytob and a version of last year's prolific Mydoom worm -- were created by Essebar. All of these worms and viruses include the Diabl0 handle that Essebar used as a code name, he said. Malware such as Zotob and Mytob are used by hackers to download so-called bot programs that allow remote servers to take control of compromised systems and steal information from them. The communication between an infected system and remote server is often done using the Internet Relay Chat (IRC) messaging protocol. Mytob variants created by Diabl0 communicated with a server apparently owned by a group called the 0x90-team whose Web site discussed hacker exploits and credit card fraud, said Ken Dunham, a senior engineer at VeriSign iDefense Intelligence in Reston, Va. The site, which is registered to an individual in Paris, runs several online forums on how to make money by selling, buying and trading such information, he said. Diabl0 had his own private directory on the Web server hosting the site, which he used to download the various variants of Mytob and other worms that he created, Dunham said. According to one source who asked not to be named, the server belonging to the 0x90-team is located in the U.S. And, according to anti-virus firm F-Secure in Finland, the group's Web site has been used as an underground gathering site for bot authors for quite a while. A code analysis of the Zotob.A worm and a couple of other variants shows that it was controlled by an IRC server named diabl0.turkcoders.net, Cluley said. The code contained a personal greeting to a person called Coder, which was the handle used by Ekici, the Turk arrested last week. "That points to the guy in Turkey, who is alleged to have paid the worm author for writing Zotob," Cluley said. |
