Authorities in Morocco have sentenced Farid Essebar and Achraf Bahloul to jail for their part in writing and unleashing the Zotob worm which disrupted computers at CNN, The Financial Times, ABC, and The New York Times.
The court sentenced Farid Essebar, a 19-year-old science student, to two years in jail and 22-year-old Achraf Bahloul to one year, for their part in creating and spreading the worm.
The Zotob worm exploited the critical MS05-039 security vulnerability in Microsoft’s software in August 2005. Among Zotob’s victims was the CNN news station whose programming was disrupted because of infected computers.
Essebar, a Russian-born resident of Morocco, is believed by Sophos to have used the handle “Diabl0”, a phrase embedded inside the Zotob-A worm. It is not unusual for malware authors to leave their handles inside their malicious code, sometimes alongside other messages. Sophos researchers have linked “Diabl0” to over 20 other pieces of malware.
According to authorities in Morocco, Essebar and Bahloul worked closely with an accomplice in Turkey, named as Atilla Ekici by the FBI. Essebar and Ekici were arrested in Morocco and Turkey 12 days after the initial attack.
“The Zotob gang took over the computers of innocent companies with the intention of making money. By blasting their way into PCs via a Microsoft vulnerability they ripped control of the computer away from its owner and into the hands of hackers,” said Graham Cluley, senior technology consultant for Sophos. “Once the PCs were under their control they could steal information such as credit card details and passwords, as well as potentially use the computers for launching spam and distributed denial-of-service attacks.”
According to Sophos, the Zotob worm reflects an increasing trend for malware to be financially motivated.