August 30, 2005 2:33 PM PDT

Zotob worm linked to credit card fraud ring

Turkish authorities have linked one of the suspects in the Zotob worm case to individuals thought to be part of a credit card fraud ring, according to the FBI.

Atilla Ekici, a 21-year-old Turk who used the nickname "Coder," may be affiliated with people thought to be part of a credit card fraud ring in Turkey, an FBI representative said on Tuesday. Ekici was one of two men arrested last week for allegedly unleashing several computer worms, including the Zotob worm that disrupted businesses worldwide two weeks ago.

Turkish authorities have identified about a dozen individuals thought to be involved in credit card fraud. "It is believed that these individuals have links to Coder," the FBI representative said. "The investigation is still ongoing, but there is no indication these people actually wrote or distributed the Zotob worm."

Zotob attacked computers running Microsoft's Windows 2000 operating system. The worm and its offshoots hit PCs and servers worldwide two weeks ago, including machines at ABC, CNN and Daimler Chrysler.

Ekici along with Farid Essebar, an 18-year-old Moroccan national born in Russia, are believed to be responsible for Zotob and the earlier Mytob and Rbot worms. Essebar was arrested in Morocco on Thursday of last week, the same day authorities nabbed Ekici.

The suspected link to a credit card fraud ring expands the possible financial motivation for the Zotob and Mytob worm attacks. The FBI last week said that it believes Essebar wrote both worms and then sold them to Ekici.

Both Mytob and Zotob attack Windows computers and feature backdoor capabilities. Criminals could use this backdoor to install software that spies on users or to install "bot" programs that create "botnets," networks of hijacked PCs that are rented out to relay spam or attack other systems.

Meanwhile, experts at antivirus company Sophos say they believe Essebar may have had a hand in more than 20 computer pests. The teen's handle, "Diabl0," appears in more than 20 other viruses and worms, including Mydoom-BG and many versions of Mytob, which are currently dominating worldwide virus reports, according to Sophos.

Zotob and its variants exploited a security hole in the plug-and-play feature in the OS, for which Microsoft provided a fix earlier this month. Zotob included some of the code used in Mytob, an e-mail worm that first started spreading in March. To date, more than 100 variants of Mytob have been spotted. The worm is distributed via mass e-mail campaigns.

The investigation into the Mytob and Zotob worms is ongoing and other suspects may be arrested, according to the FBI.

2 comments

Join the conversation!
Add your comment
Zotob net catching bigger and bigger phisers
Zotob net catching bigger and bigger phisers

EDI Secure LLLP through its POA and Founder, A.T. Alishtari see that Zotob net caught many little phishers as said severally in the media last week. The bank rape of private ID in the marketplace is continuing however the phishers doing the job usually get away with it.

Thank God, the international cyber police system is now focusing on laying out more and more extensive nets to first slow them down and then to have the little phishers lead them to the big cyber mafia phishers.
Posted by (66 comments )
Reply Link Flag
Zotob net catching bigger and bigger phisers
Zotob net catching bigger and bigger phisers

EDI Secure LLLP through its POA and Founder, A.T. Alishtari see that Zotob net caught many little phishers as said severally in the media last week. The bank rape of private ID in the marketplace is continuing however the phishers doing the job usually get away with it.

Thank God, the international cyber police system is now focusing on laying out more and more extensive nets to first slow them down and then to have the little phishers lead them to the big cyber mafia phishers.
Posted by (66 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.