The Financial Times published a message on its website about the worm to its readers.
Authorities in Morocco have sentenced Farid Essebar and Achraf Bahloul to jail for their part in writing and unleashing the Zotob worm which disrupted computers at CNN, ABC, The Financial Times, and The New York Times.
The court sentenced Farid Essebar, a 19-year-old science student, to two years in jail and 22-year-old Achraf Bahloul to one year, for their part in creating and spreading the worm.
The Zotob worm exploited the critical MS05-039 security vulnerability in Microsoft's software in August 2005. Amongst its victims was the CNN news station whose programming was disrupted because of infected computers.
Essebar, a Russian-born resident of Morocco, is believed by SophosLabs researchers to have used the handle "Diabl0", a phrase embedded inside the W32/Zotob-A worm. It is not unusual for malware authors to leave their handles inside their malicious code, sometimes alongside other messages. Sophos researchers have linked "Diabl0" to over 20 other pieces of malware.
According to authorities in Morocco, Essebar and Bahloul worked closely with an accomplice in Turkey, named as Atilla Ekici by the FBI. Essebar and Ekici were arrested in Morocco and Turkey 12 days after the initial attack.
"The Zotob gang took over innocent companies' computers with the intention of making money. By blasting their way into PCs via a Microsoft vulnerability they ripped control of the computer away from its owner and into the hands of hackers," said Graham Cluley, senior technology consultant for Sophos. "Once the PCs were under their control they could plant revenue-generating adware, steal information such as credit card details and passwords, as well as potentially use the computers for launching spam and distributed denial-of-service attacks."
According to Sophos, the Zotob worm reflects an increasing trend for malware to be financially motivated.
"More and more malicious code is written with the intention of filling the pockets of the hackers," continued Cluley. "The authorities should be congratulated for working together to apprehend this gang, and for sending out a clear message that the crimes they committed are not going to be tolerated."
The two men are said by their lawyers to be planning to lodge appeals.
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktop and servers with automatically updated protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.