Network News

X My Profile
View More Activity

Zotob Worm Authors Behind Bars

Two members of a hacking ring responsible for unleashing the disruptive "Zotob" computer worm last fall were sentenced this week by Moroccan authorities to a total of three years in prison.

Sentenced were Farid Essebar, 18, a Moroccan national born in Russia who went by the online screen name "Diabl0," and his 20-year-old friend Achraf Bahloul, also of Morocco. The two were arrested by international authorities in August 2005, after officials at the FBI and Microsoft Corp. presented evidence that Essebar was hired to write the worm by Atilla Ekici, a.k.a "Coder," a 21-year-old resident of Turkey.

Essebar received a two-year jail sentence, while Bahloul got just one year behind bars. The Moroccan court convicted the two men for conspiracy, theft, using forged credit cards and illegal access to computer systems, according to the FBI. Ekici's case is still progressing in the Turkish courts, an FBI spokesman said.

Essebar wasn't the sharpest crayon in the box: When authorities seized his computer, they found a copy of the worm's "source code, which Essebar had apparently compiled using Microsoft's Visual Studio program. Visual Studio -- like other Microsoft productivity tools -- encodes information about the computer user into each file that's created with the software, and in this case the program embedded the text string "C:\Documents and Settings\Farid" into the source code. Talk about being caught red-handed.

Essebar also couldn't help but brag about his success with Zotob and with the Rbot computer worm, a family of malware that he was convicted of authoring and one that has spawned hundreds of variants. Shortly after the emergence of Zotob, Security Fix wrote about an online conversation that a source had with Diabl0, wherein Essebar bragged about the money he was making using Zotob and Rbot to install ad-serving browser toolbars, whose corporate sponsors pay distributors like him pennies per installation.

The worm surfaced online just ten days after Microsoft shipped a software patch to fix the problem the worm exploited. All told, Zotob wrought havoc inside the networks of more than 100 companies, including news organizations such as CNN, ABC and the New York Times.

By Brian Krebs  |  September 14, 2006; 6:48 PM ET
Categories:  Fraud  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: AOL Issues Security Update
Next: New Firefox Version Fixes 7 Security Holes



Posted by: bianco | September 15, 2006 11:56 AM | Report abuse

Wow, that's great!

Now, what about that macbook that can be hacked in 60 seconds or less? Any further comments? Do you stand by your work? Or do you prefer we never speak of it again?

Posted by: um | September 15, 2006 12:53 PM | Report abuse

To those obsessed with the past events. . .we have a saying over here, 'act your age and not your shoe size!' (for adults, UK shoe sizes are from 4 to 14.)

Posted by: Sarah | September 15, 2006 3:31 PM | Report abuse

It's good to hear that two more hackers have been sent to prison for creating and sending out destructive worms.
I contend, however, that it's only due to blunders by programmers in designing our computer operating systems that a virus, worm, etc. can gain access to a computer. I base this on logic.
All I ask is that my computer receive text emails and photos and look at websites. A fax machine can probably be made to do that, and I don't believe a fax machine can get a virus. Why must a computer have a multiplicity of portals when we only receive one message at a time? And why is a foreign ISP able to send instructions into our computer that can tell it what to do?

Posted by: Richard B. Britton | September 17, 2006 8:11 AM | Report abuse

Wow, this finally came to a close! I hope Diabl0 learned his lesson and hope others see it isn't okay to hijack other people's computers. He really didn't think what he was doing was bad.

and to the um: how far do you go before your actions are labeled harassment? Why don't you find something else to become obsessed with!

Posted by: David Taylor | September 18, 2006 8:05 AM | Report abuse

Hope all their roommates are called "Bubba."

Posted by: thrh | September 19, 2006 12:43 AM | Report abuse

Ditto, thrh! Hope they both have lots of fun discovering new viruses in Morocco's famous prison system.

Posted by: geep | September 20, 2006 11:50 AM | Report abuse

I am really annoyed at people that blame everything on programmers. Put the blame where it really needs to be, the criminals. If these guys were doing the proper thing we would not have to worry about viruses and worms. Just because the neighbor goes on vacation doesn't mean that her house should be robbed. That is why these people are criminals, it is a criminal act and I hope they receive more time.

Posted by: MsFixIt | September 21, 2006 12:56 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company