Hackers Jailed for Zotob Worm Attack

Two Moroccan hackers have been jailed for creating and distributing the Zotob worm that squirmed through Windows 2000 networks in August 2005.

According to reports out of Morocco, Farid Essebar, the 19-year-old hacker who wrote the worm code and used it to hijack computers globally for use in for-profit botnets, was sentenced to two years in prison for his role in the attack.

Achraf Bahloul, a 22-year-old friend of Essebar, will serve one year in jail.

The fate of Atilla Ekici, of Turkey, who was arrested a year ago after investigators determined he had a “financial relationship” with Essebar, is not yet known.

Essebar, who used the online moniker “Diabl0,” was charged with creating the Zotob attack code and selling it to Ekici, who used the name “Coder.”

According to law enforcement authorities, the online names of both men were found in messages buried in early versions of Zotob and frequently show up in variants of other bot programs, according anti-virus researchers. For example, machines infected by Zotob.A, the original version of the worm, connected to an IRC server called “diabl0.turkcoders.net” and contained the words “Greetz to good friend Coder.”

The Zotob worm exploited a critical flaw in the Windows PnP (Plug and Play) service, a common component that allows the operating system to detect new hardware on a Windows system.

The worm severely affected operations at several high-profile U.S. businesses, including CNN, The New York Times, SBC Communications and DaimlerChrysler.

Check out eWEEK.com’s for the latest security news, reviews and analysis.