By John E. Dunn

The teenager arrested on suspicion of writing and distributing the Zotob Windows 2000 worm may have authored more than 20 other viruses, it has emerged.

The claim was made by anti-virus company Sophos, which has analysed a number of viruses incorporating the Diabl0 "handle” or moniker used by the accused, 18-year-old Farid Essebar.

Other viruses and worms suspected of being his handiwork include the Mydoom variant, Mydoom-BG, and the Zotob-related Mytob worm that the company says currently accounts for over half of all virus traffic reported to it in August.

The Russian-born Moroccan resident was arrested last Thursday, after computer forensic work by the FBI traced him and his alleged accomplice, Atilla Ekici, to addresses in the country, and in Turkey.

Police have since widened their net in Turkey, arresting a further 16 people earlier this week on suspicion of distributing Zotob and Mytob, which caused widespread disruption to Windows 2000 systems around the world two weeks ago.

Posted by Greg Hewitt-Long in Virus & AntiVirus News at 09:25

In the latest AV-Comparatives.org "On-Demand" comparative, NOD32 rated an Advanced+

(if using a non-IE browser, view their PDF's - because their comparative pages are NOT mozilla friendly).

Posted by Greg Hewitt-Long in NOD32 News at 06:38

By Tom Sanders

Security experts are debating if a security vulnerability in a Windows tool could offer a hiding place for spyware.

According to a report filed by security researcher Igor Franchuk, the Registry Editor in Windows XP and Windows 2000 suffers from a security vulnerability. Entering an abnormally long string into the Windows registry makes all following entries invisible to the tool.

The reported vulnerability could prevent spyware, keystroke loggers and other malware from being detected by spyware and anti-virus tools.

"If a registry scanning tool that is looking for malware scans the registry and does not handle the long key properly, it is thus missing a malware infection," Mitchell Ashley, chief technology officer with StillSecure, told us.

The Windows registry is a system file within the operating system that among things instructs the software which applications to launch when Windows boots up.

Posted by Greg Hewitt-Long at 16:34

The third zotob worm variant (Win32.Zotob.C) - also known as Win32/Mytob.IT was detected with Advanced Heuristics, and confirms with a signature update.

You can search for the known zotob variants here:

Search NOD32 Updates for Zotob worm and other search terms

If you are infected with the zotob worm, we offer a free zotob worm removal tool, which can handle all know strains of the worm - zotob worm removal tool.

Posted by Greg Hewitt-Long in NOD32 News at 08:22