Feeds

Zotob perp jailed

Hard time for bot ne'er-do-well

Beginner's guide to SSL certificates

One of the men behind the Zotob worm was jailed yesterday by a Moroccan court, Agence France-Presse reports. Farid Essebar, aka "Diabl0", received two years for perpetrating the Zotob outrage which exploited a Microsoft Plug and Play vulnerability and attacked computer systems including those of CNN, ABC, the Financial Times and the New York Times back in August 2005.

Fellow Moroccan Achraf Bahloul also got hit with a one year sentence by the court, although he was not directly involved in the Zotob outrage. Rather, he seems to have been caught up in the whole thing for employing Essebar's "Diabl0" alias while using pirated credit card data.

Essebar and his alleged paymaster, Atilla Ekici, aka "Coder", were arrested just 12 days after the attack following an FBI dragnet. Ekici was cuffed in his native Turkey where he has been charged with financing the attack.

The Zotob worm started spreading on 14 August 2005 and mainly affected systems running Windows 2000. Two days later it earned it keep with attacks on the aforementioned corporate systems. As we reported at the time, Zotob and later variants, were all based on versatile attack programs, known as "bot software".

The Zotob worms compromised systems by sending data on port 445. If a computer was infected with the program, the worm created a file-transfer protocol (FTP) server and used it to upload the worm to other vulnerable systems.

The worm showed its pedigree by retaining some bot functionality, Reg security guru John Leyden noted. Computers infected with the worm joined an internet relay chat (IRC) session at a predefined addresses. An attacker who knows the IRC channel password could command the bot to disconnect or reconnect to the IRC channel, obtain system information, clean itself from the system, modify security settings, and download or execute files.

The worm, dubbed Botzor2005 by its creator, contained both Diabl0's and Coder's handles. The worm acknowledged Coder as well as it tried to connect to an IRC channel named diabl0.turkcoders.net. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.