For Immediate Release
FBI National Press Office
AUTHORITIES SENTENCE TWO IN ZOTOB COMPUTER WORM ATTACK
D.C. Moroccan authorities announced the sentencing
of two individuals believed to be responsible for the creation
and distribution of the "Zotob" computer worm
that was unleashed one year ago and disrupted services on
computer networks of more than 100 U.S. companies including
major news organizations.
the help of Moroccan authorities, the Ministry of Interior
Turkish National Police, and valuable assistance from Microsoft
Corporation, three individuals were arrested on August 25,
2005, just 12 days after the worm was released. Arrested
in Morocco was Farid Essebar, 18, a Moroccan national born
in Russia who went by the screen moniker "Diabl0"
and his 20-year old friend, Achraf Bahloul. Arrested in
Turkey was Atilla Ekici, aka "Coder," a 21-year
old resident of Turkey. All individuals were subject to
local prosecution. The Moroccan court convicted the two
Moroccan men for conspiracy, theft, using forged credit
cards and illegal access to computer systems. Essebbar was
sentenced to two years, and Bahloul was sentenced to one
Cyber Division Assistant Director James E. Finch said, "The
only way to identify and prosecute cyber criminals in the
21st century is through effective partnerships between domestic
and international law enforcement and from the private sector.
This case is just one example of the global reach of these
crimes. We commend the Moroccan authorities for the successful
prosecution of these individuals."
At the time of their arrests, Microsoft Senior Vice President
and General Counsel Brad Smith said, "We congratulate
the Turkish and Moroccan authorities and the FBI for finding
and apprehending the alleged distributors of the Zotob and
Rbot worms so quickly. These arrests demonstrate the value
of public-private collaboration - the first-class investigative
work by the authorities and 'round-the-clock technical and
investigative support provided by our Internet Crime Investigations
Team here at Microsoft. The results show clearly that cyber
criminals will be identified, apprehended and held accountable
for their actions."
is a worm that targets Windows 2000 and XP-based computers.
The worm opens a back door and exploits the Microsoft Windows
Plug and Play Buffer Overflow Vulnerability (described in
Microsoft Security Bulletin MS05-039). By lowering the Microsoft
Internet Explorer security settings, the virus was able
to successfully infect 100% of the computers that executed
concerning the worm and its removal can be located on the
Microsoft Website at: www.microsoft.com/security/incident/zotob.mspx
protect against various computer infections, PC users should
adopt a maintenance mindset to help keep their devices safe,
and practice good security behaviors. These include using
an Internet firewall, diligently installing security updates,
using up-to-date antivirus software, as well as using newer
and more secure software that has been engineered to better
protect against emerging online threats.
| Press Releases | FBI
Home Page |