Zotob virus written for cash

One of the virus writers lives in Morocco – a country not previously known for hacking – but it transpires that he previously lived in Russia, a country with severe economic problems and lots of out-of-work programmers.

Exploit code – the code that documents the vulnerability that allows commands to be injected into a target computer – was written by a Russian-based hacker known only as houseofdabus. This use of handles is typical, as is the difficulty in tying people to real identities.

“Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data.”

Virus attacks are now organised for money and commissioned by criminal gangs. The need to transfer money provides a possible avenue for police to track down the writers – the only person to be caught so far for the London bank hack attempt was the recipient of funds in Israel.

Amazingly, a University of Pennsylvania security specialist was able to chat to the writer of the virus – handle Diabl0 – while investigating a phishing attack on the University e-mail server.

“During the chat, Diabl0 revealed that the Mytob worm had a very sneaky purpose. One of its intentions was to lower security settings on Microsoft’s Internet Explorer browser so certain pop-up adverts would not be blocked.

Diabl0 said he would be paid by the pop-up ad makers for every user hit. Even if the compromised users managed to remove the virus, bragged Diabl0, the settings would likely go unchanged and the stream of unwanted adverts would continue.

Every time an ad was sent to a user, Diabl0 would get credited with a click. With Zotob being one of the worst outbreaks of 2005, Diabl0 could have expected a bumper payday.”

The runaway spread of the virus led agencies to take action.
