


Zotob Virus Authors Sentenced to Jail for Two Years

Monday, September 18th, 2006 | Related entries: Internet

The authors of the well-known Zotob computer virus have been sentenced by a Moroccan court.

Fortunately for the authorities, the two Moroccan authors were arrested as the virus began spreading across the web. Farid Essebar, popularly known as Diabl0, and Achraf Bahloul both faced allegations of conspiracy, theft by use of forged credit cards, and illegal access to computers during the trial.

Zotob mostly attacked computers running Windows 2000 in August 2005. It affected millions of computers, including those of CNN, the Financial Times and the New York Times. Since Windows 2000 is mainly used by large companies, these were Zotob’s main victims.

Over 100 large companies, heavy plant maker Caterpillar among the best known of them, have reported losses as a result of Zotob infections. At news firm CNN the worm disrupted the station’s live reports. Computers infected by the worm fell into a cycle of constant restarts.

The authorities caught up with the two accused less than a fortnight after the virus struck, and many anti-virus experts were surprised that they were based in Morocco. Essebar now faces two years in jail and Bahloul one year.

When authorities seized Essebar’s computer, they found a copy of the worm’s source code, which he had apparently compiled using Microsoft’s Visual Studio program. Visual Studio, like other Microsoft productivity tools, encodes information about the computer user into each file that’s created with the software, and in this case the program embedded the text string “C:\Documents and Settings\Farid” into the source code. Talk about being caught red-handed.

Essebar, a Russian-born 19-year-old science student, couldn’t stop bragging about his accomplishment with Zotob and with the Rbot computer worm, a family of malware that he was convicted of authoring and one that has spawned hundreds of variants. Shortly after the emergence of Zotob, Security Fix wrote about an online conversation that a source had with Diabl0, wherein Essebar bragged about the money he was making using Zotob and Rbot to install ad-serving browser toolbars, whose corporate sponsors pay distributors like him pennies per installation.

The worm surfaced online just ten days after Microsoft shipped a software patch to fix the problem the worm exploited.
