August 30, 2005
Chatting with the Zotob author
Brian Krebs from The Washington Post has an interesting story in his weblog, "Security Fix".
Unlike most of the other news on Farid Essebar, which just quotes other reports, Brian includes an interview with David Taylor, a security expert from the University of Pennsylvania in Philadelphia, who was able to find Diabl0 on IRC before he was caught, and chat with him.
Read the full story.
Diabl0 needed IRC to control his bot armies, which he "rented" to his friend "Coder" in Turkey. Although the server IP and other login information were obfuscated in the worm's code, finding them was trivial for any serious antivirus researcher. From there, accessing the IRC server and locating Diabl0 and Coder proved to be a simple enough task with the help of the FBI and Turkish/Moroccan authorities.
I wonder if we are going to see a decrease in the number of bots relying on IRC to receive commands from their masters.
Posted by Costin Raiu at August 30, 2005 11:27 AM