Zotob Worm Authors Behind Bars
Two members of a hacking ring responsible for unleashing the disruptive "Zotob" computer worm last fall were sentenced this week by Moroccan authorities to a total of three years in prison.
Sentenced were Farid Essebar, 18, a Moroccan national born in Russia who went by the online screen name "Diabl0," and his 20-year-old friend Achraf Bahloul, also of Morocco. The two were arrested by international authorities in August 2005, after officials at the FBI and Microsoft Corp. presented evidence that Essebar was hired to write the worm by Atilla Ekici, a.k.a. "Coder," a 21-year-old resident of Turkey.
Essebar received a two-year jail sentence, while Bahloul got just one year behind bars. The Moroccan court convicted the two men for conspiracy, theft, using forged credit cards and illegal access to computer systems, according to the FBI. Ekici's case is still progressing in the Turkish courts, an FBI spokesman said.
Essebar wasn't the sharpest crayon in the box: When authorities seized his computer, they found a copy of the worm's source code, which Essebar had apparently compiled using Microsoft's Visual Studio program. Visual Studio -- like other Microsoft productivity tools -- encodes information about the computer user into each file that's created with the software, and in this case the program embedded the text string "C:\Documents and Settings\Farid" into the source code. Talk about being caught red-handed.
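As an added illustration (not code from the original article or from the investigation), here is a small Python triage scan of the kind a forensic analyst might run over a file's raw bytes to surface embedded Windows user-profile paths like the one described above, in both ASCII and UTF-16LE. The sample bytes are constructed, and the function names and the "dev01" user name are assumptions.

```python
import re


def _pattern(wide):
    """Build a bytes regex for a profile path; wide=True matches UTF-16LE text."""
    z = b"\x00" if wide else b""

    def lit(s):
        # Escape each byte and, for UTF-16LE, follow it with the NUL high byte.
        return b"".join(re.escape(bytes([c])) + z for c in s)

    drive = b"[A-Za-z]" + z + lit(b":\\")
    # XP-era "Documents and Settings" and the later "Users" profile roots.
    root = b"(?:" + lit(b"Documents and Settings") + b"|" + lit(b"Users") + b")"
    name = b"((?:[A-Za-z0-9 ._-]" + z + b"){1,64})"
    return re.compile(drive + root + lit(b"\\") + name)


_PATTERNS = {"ascii": _pattern(False), "utf-16le": _pattern(True)}


def find_profile_paths(data):
    """Return sorted (offset, encoding, username) hits found in raw bytes."""
    hits = []
    for enc, pat in _PATTERNS.items():
        for m in pat.finditer(data):
            user = m.group(1).decode(enc).strip()
            if user:
                hits.append((m.start(), enc, user))
    return sorted(hits)


# Constructed sample: filler bytes around the string quoted in the article,
# plus a made-up UTF-16LE path ("dev01" is an assumption, not from the case).
SAMPLE = (
    b"MZ\x90\x00" + b"\x01" * 8
    + b"C:\\Documents and Settings\\Farid\x00"
    + b"\xff" * 4
    + "C:\\Users\\dev01\\src\\main.cpp".encode("utf-16le") + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, enc, user in find_profile_paths(SAMPLE):
        print(f"0x{offset:06x}  {enc:<9}  {user}")
```

Running the same scan over your own release artifacts before publishing them shows whether a build machine's account name is leaking into shipped files.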
Essebar also couldn't help but brag about his success with Zotob and with the Rbot computer worm, a family of malware that he was convicted of authoring and one that has spawned hundreds of variants. Shortly after the emergence of Zotob, Security Fix wrote about an online conversation that a source had with Diabl0, wherein Essebar bragged about the money he was making using Zotob and Rbot to install ad-serving browser toolbars, whose corporate sponsors pay distributors like him pennies per installation.
The worm surfaced online just ten days after Microsoft shipped a software patch to fix the problem the worm exploited. All told, Zotob wrought havoc inside the networks of more than 100 companies, including news organizations such as CNN, ABC and the New York Times.