Zotob

Zotob

"The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc." — Business Week, August 16, 2005.

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

It was declared that the Zotob worms cost an average of $97,000 as well as 80 hours of cleanup per company affected.[1]

Contents

Rbot variant

Zotob was derived from the Rbot worm. Rbot can force an infected computer to continuously restart. Its outbreak on August 16, 2005 was covered "live" on CNN television, as the network's own computers got infected. Zotob would self-replicate each time the computer rebooted, resulting in each computer having numerous copies of the file by the time it was purged. This is similar to the Blaster (Lovesan) worm.[clarification needed]

Sequence of events

  • August 9, 2005: Security advisory
    "On August 9th, Microsoft released critical security advisory MS05-039 which revealed a vulnerability in the Plug-and-Play component of Windows 2000. Code to patch the loophole was also made available." [2]
  • Virus writing
    "In the days since Microsoft's announcement, virus writers have released several variants of both Zotob and RBot, along with updated versions of older worms named SD-Bot and IRC-Bot, designed to take advantage of the newly discovered flaw." [3]
  • August 13, 2005: Emerged on Saturday
    "The worms, called Zotob and Rbot, and variants of them, started emerging Saturday, computer security specialists said, and continued to propagate as corporate networks came to life at the beginning of the week." [4]
  • August 16, 2005: Took down CNN live
    "Around 5 p.m. problems began at CNN facilities in New York and Atlanta before being cleared up about 90 minutes later." [5]
    "CNN, breaking into regular programming, reported on air that personal computers running Windows 2000 at the cable news network were affected by a worm that caused them to restart repeatedly."[6]
    "The Internet Storm Center, which tracks the worldwide impact of computer worms, indicated on its Web site that no major Internet attack was underway. Likely this is an isolated event, which became newsworthy because CNN got infected. We do not see any new threats at this point, the site read." [7]
  • August 17, 2005: CIBC and other banks, companies affected
    "CIBC says the Zotob worm caused some isolated outages, but did not affect ATMs, Internet or phone banking. The virus also hit other Canadian businesses but has not caused widespread shutdowns."[8]
  • August 26, 2005: A suspect is arrested in Morocco
    "Under the request of the FBI, Moroccan police arrests 18 year old Farid Essebar, a Moroccan, suspected for being behind the spread of the virus." [9]
  • September 16, 2006: Sentencing
    "The creators of the Zotob Windows worm Farid Essabar and his friend Achraf Bahloul were sentenced by a court in Morocco [10].

Arrest of the coders

On August 26, 2005, Farid Essebar and Atilla Ekici were arrested in Morocco and Turkey, respectively. They are believed to be the men behind the worm's coding.

A signature in the Zotob worm code suggested it was coded by Diabl0 and the IRC server it connects to is the same used in previous version of Mytob. Diabl0 is believed to have incorporated the code of a Russian nicknamed houseofdabus [11] whose journal has been shut down by authorities [12], just after the arrest of Diabl0. The coder (Ekici) probably paid Diabl0 (Essebar) to write the code.

"He says it's all about making money, and that he doesn't care if people remove the worm because it's the spyware stuff that he installs that's making him the money, Taylor said in a conversation with me." [13]

On August 30, 2005, controversial reports emerged from different anti-virus firms. Sophos declared that several people had access to the Mytob source code (a variant of the worm). On the other hand, F-Secure declared that it has found multiple variants of Mytob that were coded after the arrest of Essebar. Those declarations suggest that Essebar is only a part of a larger group of Dark-side hackers behind the spread of the malware.[14]

See also

References

External links and sources

Security vulnerability information

Worm information

News coverage

  • BBC News Windows 2000 worm hits US firms
  • BBC News Windows 2000 bug starts virus war
  • BBC News Two detained for US computer worm
  • BBC News Money motive drove virus suspects
  • New York Times Virus Attacks Windows Computers at Companies
  • CNN Worm strikes down Windows 2000 systems
  • MSNBC Computer worms strike media outlets
  • Reuters Computer virus hits U.S media outlets
  • Slashdot Zotob Worm Hits CNN and Goes Global
  • Information Week Zotob Proves Patching "Window" Non-Existent
  • Security Now! PodCast - Episode #1: "As the Worm Turns" [1]

Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Zotob (computer worm) — The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc. mdash; Business Week, August 16, 2005.Zotob is …   Wikipedia

  • Червь Zobot — Zobot  компьютерный червь, использующий уязвимости операционных систем Microsoft Windows XP и Windows 2000[1]. От данного червя особенно сильно пострадали американские компании ABC, CNN, The New York Times, согласно газете Business Week от… …   Википедия

  • Farid Essebar — ( ar. فريد الصبار) (born in 1987, known as Diabl0) is a Moroccan black hat hacker. He was one of the two masterminds (along with Turkish Atilla Ekici) behind the spread of the Zotob Computer worm that targeted Windows 2000 operating systems in… …   Wikipedia

  • Хронология компьютерных вирусов и червей — Здесь приведён хронологический список появления некоторых известных компьютерных вирусов и червей, а также событий, оказавших серьёзное влияние на их развитие. Содержание 1 2012 2 2011 3 2010 4 2009 …   Википедия

  • Windows 2000 — Part of the Microsoft Windows family Screenshot of Windows 2000 Professional …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • E-mail spam — E mail spam, also known as bulk e mail or junk e mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e mail. A common synonym for spam is unsolicited bulk e mail (UBE). Definitions of spam usually… …   Wikipedia

  • August 2005 in science — 2005 : January February March April May June July August September October November December → NOTOC August 31, 2005* The decoding of genome of the chimpanzee is announced and a first draft is published. See: Chimpanzee Genome Project.… …   Wikipedia

  • Windows Task Manager — is a task manager application included with Microsoft Windows NT family of operating systems that provides detailed information about computer performance and running applications, processes and CPU usage, commit charge and memory information,… …   Wikipedia

  • Atilla Ekici — (also known as Coder and sefo ) is a Turkish black hat hacker who is accused to have helped Moroccan black hat hacker Farid Essebar in developing the Zotob worm. He also had connections with the Mytob worm and a third worm, RBot. Assistant FBI… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”