The Financial Times published a message on its
website about the worm to its readers.
Authorities in Morocco have sentenced Farid Essebar and Achraf
Bahloul to jail for their part in writing and unleashing the Zotob
worm which disrupted computers at CNN, ABC, The Financial Times,
and The New York Times.
The court sentenced Farid Essebar, a 19-year-old science
student, to two years in jail and 22-year-old Achraf Bahloul to
one year, for their part in creating and spreading the worm.
The Zotob worm exploited the critical MS05-039 security
vulnerability in Microsoft's software in August 2005. Amongst its
victims was the CNN news station whose programming was disrupted
because of infected computers.
Essebar, a Russian-born resident of Morocco, is believed by
SophosLabs researchers to have used the handle "Diabl0", a phrase
embedded inside the W32/Zotob-A worm. It is
not unusual for malware authors to leave their handles inside their
malicious code, sometimes alongside other messages. Sophos
researchers have linked "Diabl0" to over 20 other
pieces of malware.
According to authorities in Morocco, Essebar and Bahloul worked
closely with an accomplice in Turkey, named as Atilla Ekici by the
FBI. Essebar and Ekici were arrested in Morocco and Turkey 12 days
after the initial attack.
"The Zotob gang took over innocent companies' computers with the
intention of making money. By blasting their way into PCs via a
Microsoft vulnerability they ripped control of the computer away
from its owner and into the hands of hackers," said Graham Cluley, senior
technology consultant for Sophos. "Once the PCs were under their
control they could plant revenue-generating adware, steal
information such as credit card details and passwords, as well as
potentially use the computers for launching spam and distributed
denial-of-service attacks."
According to Sophos, the Zotob worm reflects an increasing trend
for malware to be financially motivated.
"More and more malicious code is written with the intention of
filling the pockets of the hackers," continued Cluley. "The
authorities should be congratulated for working together to
apprehend this gang, and for sending out a clear message that the
crimes they committed are not going to be tolerated."
The two men are said by their lawyers to be planning to lodge
appeals.
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as secure their desktops
and servers with automatically updated protection.