Zotob suspects linked to underground network

One of the virus writers suspected of creating the Zotob and Mytob worms has been linked to a notorious network of malware creators called 0x90-team.

Finnish antivirus expert Mikko Hyppönen, director of antivirus research at F-Secure, claimed in a blog posting on Monday that a virus writer nicknamed "Diabl0", who is believed to have been behind last week's virus outbreaks, had used the 0x90-team network in order to download malicious code.

F-Secure spokesman Patrick Runald said the 0x90-team (pronounced "zero ex ninety team") was a forum and file-sharing network dedicated to malware. Users could request and share malicious code such as the Zotob, Rbot and SDbot viruses. "Thousands of users used the forum," according to Runald.

The 0x90-team Web site has since been taken completely offline, probably by 0x90-team itself. This is because it was defaced on Saturday by unknown "hacktivists", according to Patrick Runald.

The 0x90-team Web site was hacked with a message which stated that the site had been defaced because it only offered third party products, but no "knowledge", according to Hyppönen. There was also a threat: "If you continue to hold this place to train script kiddies, we will come back."

Two men were arrested at the end of last week on suspicion of authoring both the Mytob and Zotob worms. Farid Essebar, an 18-year-old Moroccon national born in Russia, is suspected of being Diabl0. Atilla Ekici, a 21-year-old Turkish resident, is suspected of operating under the online alias "Coder".

Essebar was arrested in Morocco, while Ekici was arrested in Turkey. They will be prosecuted in the countries in which they were arrested, with the FBI providing the evidence.