Zotob Authors Sentenced in Morocco
Two convicted developers of a worm designed last year to infect Windows 2000-based systems were sentenced today to one and two years in prison, Maghreb Arabe Presse is reporting this afternoon.
Farid Essebar, age 19, was sentenced to two years imprisonment by a court in his native Morocco for his part in producing the W2K worm, dubbed Zotob, which utilized a mass-mail attachment to copy itself into the Windows SYSTEM32 directory. From there, it would launch a process intended to preclude users from accessing certain Web sites, mainly from anti-virus vendors.
By testing the temper of security companies, Essebar and his accomplice, Achraf Bahloul -- now age 22 and sentenced to one year in jail -- managed to raise threat levels for the worm to critical levels. The FBI and Middle Eastern law enforcement agencies, at one point, worked together in an international manhunt, which at one point pegged as many as 16 suspects, according to the FBI.
The fact that there were so many suspects raised suspicions even further, as some security analysts warned of a kind of worm-writing war going on amongst members of the digital underground.
As it turned out, they were partly right: The two convicted writers did indeed want to show off for their friends and rivals. But they didn't do too great a job of it, as bugs in their own code actually prevents the payload from achieving its main objective to spread itself further.
CNN was among the many news agencies whose systems were affected by the spread of Zotob through the mail attachment, which did work. At one point, reporters in the network's own Atlanta headquarters were able to capture live images of their systems continually rebooting -- a product of the defective code -- without ever leaving the main studio.
Microsoft's most recent edition of its Malicious Software Removal Tool continues to detect and delete the multiple strains of Zotob that resulted from this little skirmish in one of the shallower corners of the digital underground.