Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Zotob Authors Sentenced in Morocco

By Scott M. Fulton, III, BetaNews

September 12, 2006, 7:42 PM

Two convicted developers of a worm designed last year to infect Windows 2000-based systems were sentenced today to one and two years in prison, Maghreb Arabe Presse is reporting this afternoon.

Farid Essebar, age 19, was sentenced to two years imprisonment by a court in his native Morocco for his part in producing the W2K worm, dubbed Zotob, which utilized a mass-mail attachment to copy itself into the Windows SYSTEM32 directory. From there, it would launch a process intended to preclude users from accessing certain Web sites, mainly from anti-virus vendors.

By testing the temper of security companies, Essebar and his accomplice, Achraf Bahloul -- now age 22 and sentenced to one year in jail -- managed to raise threat levels for the worm to critical levels. The FBI and Middle Eastern law enforcement agencies, at one point, worked together in an international manhunt, which at one point pegged as many as 16 suspects, according to the FBI.

The fact that there were so many suspects raised suspicions even further, as some security analysts warned of a kind of worm-writing war going on amongst members of the digital underground.

As it turned out, they were partly right: The two convicted writers did indeed want to show off for their friends and rivals. But they didn't do too great a job of it, as bugs in their own code actually prevents the payload from achieving its main objective to spread itself further.

CNN was among the many news agencies whose systems were affected by the spread of Zotob through the mail attachment, which did work. At one point, reporters in the network's own Atlanta headquarters were able to capture live images of their systems continually rebooting -- a product of the defective code -- without ever leaving the main studio.

Microsoft's most recent edition of its Malicious Software Removal Tool continues to detect and delete the multiple strains of Zotob that resulted from this little skirmish in one of the shallower corners of the digital underground.

Add a Comment (2 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By imafurby

posted Sep 13, 2006 - 9:34 AM

CNN's computers rebooting live. What a memorable TV moment. Maybe Larry King could interview the worm sometime?

Score: 0

By samanathon

posted Sep 12, 2006 - 8:13 PM

"little skirmish in one of the shallower corners of the digital underground"

Nice!

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue