[ISN] Report: Zotob worm authors jailed

From: InfoSec News (alerts@private)
Date: Tue Sep 12 2006 - 22:35:38 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9003247

By Robert McMillan
September 12, 2006 
IDG News Service

Two Moroccan men have been jailed for releasing the Zotob computer worm, 
which wreaked havoc on an estimated 250,000 Windows PCs last year.

Farid Essebar, 19, of Morocco was sentenced to two years in prison on 
Tuesday by a Moroccan court, according to a report by Agence 
France-Presse. An accomplice, Achraf Bahloul, also of Morocco, received 
a one-year sentence, the report said.

A third man, 22 year-old Atilla Ekici, of Turkey has been charged with 
financing the attack, which shut down PCs in a number of major 
corporations in mid-August 2005.

The worm primarily affected Windows 2000 systems, taking advantage of a 
bug in the operating system's Plug and Play service that had been 
patched by Microsoft just days before the outbreak.

Though it did not infect as many computers as more widespread worms such 
as Sasser or MyDoom, Zotob did take out systems at media outlets, 
including Cable News Network LP LLLP (CNN), prompting widespread 
publicity.

Ekici and Essebar, known also by their hacker names of "Coder" and 
"Diabl0," respectively, were arrested just 12 days after the release of 
Zotob, but authorities had also been investigating 16 other individuals 
in connection with a credit card theft ring that may have been linked to 
the worms.

It is not unusual for hackers to create networks of compromised 
computers, like the one created by the Zotob worm, for identity theft, 
said Graham Cluley, a senior technology consultant with antivirus vendor 
Sophos PLC.


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Tue Sep 12 2006 - 22:52:21 PDT