[Dshield] Two Arrested in Zotob Worm Probe

Joel Esler eslerj at gmail.com
Mon Aug 29 12:51:19 GMT 2005


I don't mean to upset anyone, but can we kill this thread before we  
turn into Full-Disclosure please?  This was the reason that Johannes  
was hesitant about making the list unmoderated.  Thank you.

J


On Aug 28, 2005, at 11:00 PM, Craig Webster wrote:

> On 29 Aug 2005, at 00:38, womber wrote:
>
>> Great use of punctuation yourself there.
>>
>
> Fantastic example of top posting ;)
>
> I don't think the complaints will ever end ... what did I do wrong  
> in this post?
>
>
>> On 8/28/05, micah wyatt <mwyatt at tbdsl.net> wrote:
>>
>>
>>> Good spelling!!!!
>>>
>>> -----Original Message-----
>>> From: list-bounces at lists.dshield.org
>>> [mailto:list-bounces at lists.dshield.org] On Behalf Of womber
>>> Sent: Saturday, August 27, 2005 10:08 PM
>>> To: General DShield Discussion List
>>> Subject: Re: [Dshield] Two Arrested in Zotob Worm Probe
>>>
>>> Were not arresting you for creating a worm.
>>> We are arresting you for being extreamly stupid.
>>>
>>> On 8/27/05, jayjwa <jayjwa at atr2.ath.cx> wrote:
>>>
>>>
>>>>
>>>> On Fri, 26 Aug 2005, Fergie (Paul Ferguson) wrote:
>>>>
>>>> -> Two men have been arrested regarding the Zotob PnP worm case.
>>>>
>>>> -> Moroccan authorities arrested "Diabl0", aka Farid Essebar and
>>>>
>>>>
>>> Turkey
>>>
>>>
>>>> authorities arrested "Coder", aka Atilla Ekici. The suspects are  
>>>> aged
>>>>
>>>>
>>> 18
>>>
>>>
>>>> and 21, respectively.
>>>>
>>>> -> Both nicknames can be found from the code of Zotob.A: the worm
>>>> connected to a irc server named "diabl0.turkcoders.net" and  
>>>> contained
>>>>
>>>>
>>> the
>>>
>>>
>>>> words "Greetz to good friend Coder".
>>>>
>>>> -> Diabl0 is most likely associated with some of the Mytob variants
>>>>
>>>>
>>> too.
>>>
>>>
>>>>
>>>>
>>>> Lesson #1: Never put your name in your worm/virus/irc-bot binary.
>>>>
>>>>
>>> F-Secure
>>>
>>>
>>>> looks for subliminal messages there.
>>>>
>>>> Lesson #2: Never have it connect back to your own server (if said
>>>>
>>>>
>>> server
>>>
>>>
>>>> also contains your name, see #1, above).
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> (Before I get a dozen argry #3 "don't write worms" replies, to  
>>>> quote
>>>> Foghorn Leghorn: "It's a joke, son.")
>>>>
>>>>
>>>> j
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> send all posts to list at lists.dshield.org
>>>> To change your subscription options (or unsubscribe), see:
>>>>
>>>>
>>> http://www.dshield.org/mailman/listinfo/list
>>>
>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> send all posts to list at lists.dshield.org
>>> To change your subscription options (or unsubscribe), see:
>>> http://www.dshield.org/mailman/listinfo/list
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> send all posts to list at lists.dshield.org
>>> To change your subscription options (or unsubscribe), see: http:// 
>>> www.dshield.org/mailman/listinfo/list
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org
>> To change your subscription options (or unsubscribe), see: http:// 
>> www.dshield.org/mailman/listinfo/list
>>
>>
>
> Yours,
> Craig
> --
> Craig Webster | e  : craig at xeriom.net
> Xeriom.NET    | web: http://xeriom.net/
>
>
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http:// 
> www.dshield.org/mailman/listinfo/list
>


More information about the list mailing list