Sophos

12 September 2006

Jail for Zotob worm gang who hit CNN and New York Times

Cybercriminals plotted to generate revenue by infecting innocent users

Message on Financial Times website
The Financial Times published a message on its website about the worm to its readers.

Authorities in Morocco have sentenced Farid Essebar and Achraf Bahloul to jail for their part in writing and unleashing the Zotob worm which disrupted computers at CNN, ABC, The Financial Times, and The New York Times.

The court sentenced Farid Essebar, a 19-year-old science student, to two years in jail and 22-year-old Achraf Bahloul to one year, for their part in creating and spreading the worm.

The Zotob worm exploited the critical MS05-039 security vulnerability in Microsoft's software in August 2005. Amongst its victims was the CNN news station whose programming was disrupted because of infected computers.

Essebar, a Russian-born resident of Morocco, is believed by SophosLabs researchers to have used the handle "Diabl0", a phrase embedded inside the W32/Zotob-A worm. It is not unusual for malware authors to leave their handles inside their malicious code, sometimes alongside other messages. Sophos researchers have linked "Diabl0" to over 20 other pieces of malware.

According to authorities in Morocco, Essebar and Bahloul worked closely with an accomplice in Turkey, named as Atilla Ekici by the FBI. Essebar and Ekici were arrested in Morocco and Turkey 12 days after the initial attack.

"The Zotob gang took over innocent companies' computers with the intention of making money. By blasting their way into PCs via a Microsoft vulnerability they ripped control of the computer away from its owner and into the hands of hackers," said Graham Cluley, senior technology consultant for Sophos. "Once the PCs were under their control they could plant revenue-generating adware, steal information such as credit card details and passwords, as well as potentially use the computers for launching spam and distributed denial-of-service attacks."

According to Sophos, the Zotob worm reflects an increasing trend for malware to be financially motivated.

"More and more malicious code is written with the intention of filling the pockets of the hackers," continued Cluley. "The authorities should be congratulated for working together to apprehend this gang, and for sending out a clear message that the crimes they committed are not going to be tolerated."

The two men are said by their lawyers to be planning to lodge appeals.

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktops and servers with automatically updated protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
