Computer Crime Research Center


Computer crime chronicles

Date: April 25, 2006
Source: USA Today
By: Byron Acohido and Jon Swartz, USA TODAY

... all these smiley faces. Maybe he didn't realize what he was doing was so bad."

In early August, Diabl0 capitalized on a golden opportunity when Microsoft issued its monthly set of patches for newly discovered security holes in Windows. As usual, independent researchers immediately began to analyze the patches as part of a process to develop better security tools. Cybercrooks closely monitor the public websites where results of this kind of research get posted.

Diabl0 latched onto one of the test tools and turned it into a self-propagating worm, dubbed Zotob, says Charles Renert, director of research at security firm Determina. Much like Mytob, Zotob prepared the infected PC to receive adware. But Zotob did one better: It could sweep across the Internet, infecting PCs with no user action required.

Diabl0 designed Zotob to quietly seek out certain Windows computer servers equipped with the latest compilation of upgrades, called a service pack. But he failed to account for thousands of Windows servers still running outdated service packs, says Peter Allor, director of intelligence at Internet Security Systems.

By the start of the next workweek, Zotob variants began snaking into older servers at the Canadian bank CIBC, and at ABC News, The New York Times and CNN. The servers began rebooting repeatedly, disrupting business and drawing serious attention to the new worm. "Zotob had a quality-assurance problem," says Allor. Diabl0 had neglected to ensure Zotob would run smoothly on servers running the earlier service packs, he says.

Within two weeks, Microsoft's Internet Safety Enforcement Team, a group of 65 investigators, paralegals and lawyers, identified Essebar as Diabl0 and pinpointed his base of operations. Microsoft's team also flushed out a suspected accomplice, Atilla Ekici, 21, nicknamed Coder.

Microsoft alerted the FBI, which led to the Aug. 25 arrests by local authorities of Essebar in Morocco and Ekici in Turkey.

The FBI holds evidence that Ekici paid Essebar with stolen credit card numbers to create the Mytob variants and Zotob, Louis Reigel, assistant director of the FBI's Cyber Division, told reporters.

While Ancheta operated as a sole proprietor, and Maxwell was part of a three-man shop, Essebar and Ekici functioned more like freelancers, says Allor. They appeared to be part of a loose "confederation of folks who have unique abilities," says Allor.

"They come together with others who have unique abilities, and from time to time they switch off who they work with."

Despite their notoriety, Essebar, Ancheta and Maxwell represent mere flickers in the Internet underworld. More elite hackers collaborating with organized crime groups take pains to cover their tracks — and rarely get caught.

"Those toward the lower levels of this strata are the ones that tend to get noticed and arrested pretty quickly," says Martin Overton, a security specialist at IBM.
Copyright © 2001-2013 Computer Crime Research Center