Pair jailed for role in Zotob attack | SC Media

Pair jailed for role in Zotob attack

September 14, 2006

Moroccan authorities have jailed two men for their part in the creation of the Zotob worm - the malware that disrupted networks at various national media outlets more than a year ago.

Farid Essebar, 19, a Russian-born resident of Morocco, was sentenced to two years in jail. Achraf Bahloul, 22, got a year in prison for his part in creating the worm, which exploited the critical MS05-039 flaw in August of last year.

The malware, which disrupted television programming on CNN, is believed to have been created with the help of a Turkish associate named Atilla Ekici, who was arrested 12 days after the initial attack along with Essebar.

Experts from Sophos said they believe Essebar used the nom de guerre "Diabl0," a word embedded inside the worm.

Ron O'Brien, senior security analyst at Sophos, said today that Zotob, a variant of Mytob, accounted for more than half of the viruses reported to his firm during August of last year.

"Diab10 appeared in 20 different versions of Mytob during that time. Mytob was 54 percent of all viruses reported to Sophos in August (2005)," he said. "Unfortunately, I think the possibility for a similar incident still exists."

Essebar appeared in a Turkish court last September after he was arrested with Ekici a month before following an investigation between the FBI and Moroccan and Turkish police.

David Marcus, security research and communications manager for McAfee Avert Labs, said today that the worm became well known because of how quickly it was developed and the amount of damage it caused.

"It gained prominence very easily because it was based on a vulnerability, and when the worm came out, it was only a very short period of time after the vulnerability was released. It got a lot of attention for that," he said. "The last number I heard was that it caused $400 million in damage."

Click here to email Frank Washkuch Jr.

prestitial ad