[Dshield] F-Secure: So who is Diabl0?

Stephane Grobety security at admin.fulgan.com
Mon Aug 29 14:46:16 GMT 2005

In the script kiddies' world, it's pretty common to take a binary, open
it with a hex editor and change some parts like IP addresses and
embedded strings to create a new variant of the worm: no source code
is used.

This means that most "authors" are probably completely unrelated to
one another. Getting the guy who wrote the initial source code is
probably the best you can hope for.

Good luck,

FPF> Well, we know that "Diabl0" had also authored several of the
FPF> Mytob variants since February this year. However, he's not behind
FPF> all of them. There's around 70 known variants of Mytob and
FPF> practically all of them create botnets of the infected machines.
FPF> Some of these botnets have been controlled by unrelated groups,
FPF> such as Blackcarder. And we've found new Mytob variants just
FPF> yesterday, which obviously are not written by Diabl0. So several
FPF> people have access to Mytob source code and have been making
FPF> their own variants.

Best regards,
 Stephane                            mailto:security at admin.fulgan.com

