"The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc." — Business Week, August 16, 2005.

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

It was declared that the Zotob worms cost an average of $97,000 as well as 80 hours of cleanup per company affected.

Rbot variant

Zotob was derived from the Rbot worm. Rbot can force an infected computer to continuously restart. Its outbreak on August 16, 2005, was covered "live" on CNN television, as the network's own computers got infected. Zotob would self-replicate each time the computer rebooted, resulting in each computer having numerous copies of the file by the time it was purged. This is similar to the Blaster (Lovesan) worm.

Sequence of events

August 9, 2005: Security advisory
"On August 9th, Microsoft released critical security advisory MS05-039 which revealed a vulnerability in the Plug-and-Play component of Windows 2000. Code to patch the loophole was also made available."

Virus writing
"In the days since Microsoft's announcement, virus writers have released several variants of both Zotob and RBot, along with updated versions of older worms named SD-Bot and IRC-Bot, designed to take advantage of the newly discovered flaw."

August 13, 2005: Emerged on Saturday
"The worms, called Zotob and Rbot, and variants of them, started emerging Saturday, computer security specialists said, and continued to propagate as corporate networks came to life at the beginning of the week."

August 16, 2005: Took down CNN live
"Around 5 p.m. problems began at CNN facilities in New York and Atlanta before being cleared up about 90 minutes later."
"CNN, breaking into regular programming, reported on air that personal computers running Windows 2000 at the cable news network were affected by a worm that caused them to restart repeatedly."
"The Internet Storm Center, which tracks the worldwide impact of computer worms, indicated on its Web site that no major Internet attack was underway. 'Likely this is an isolated event, which became newsworthy because CNN got infected. We do not see any new threats at this point,' the site read."

August 17, 2005: CIBC and other banks, companies affected
"CIBC says the Zotob worm caused some isolated outages, but did not affect ATMs, Internet or phone banking. The virus also hit other Canadian businesses but has not caused widespread shutdowns."

August 26, 2005: A suspect is arrested in Morocco
"Under the request of the FBI, Moroccan police arrests 18-year-old Farid Essebar, a Moroccan, suspected for being behind the spread of the virus."

September 16, 2006: Sentencing
"The creators of the Zotob Windows worm Farid Essabar and his friend Achraf Bahloul were sentenced by a court in Morocco.

Arrest of the coders

On August 26, 2005, Farid Essebar and Atilla Ekici were arrested in Morocco and Turkey, respectively. They are believed to be the men behind the worm's coding.

A signature in the Zotob worm code suggested it was coded by Diabl0 and the IRC server it connects to is the same used in previous version of Mytob. Diabl0 is believed to have incorporated the code of a Russian nicknamed houseofdabus whose journal has been shut down by authorities, just after the arrest of Diabl0. The coder (Ekici) probably paid Diabl0 (Essebar) to write the code.

"He says it's all about making money, and that he doesn't care if people remove the worm because it's the spyware stuff that he installs that's making him the money, Taylor said in a conversation with me."

On August 30, 2005, controversial reports emerged from different anti-virus firms. Sophos declared that several people had access to the Mytob source code (a variant of the worm). On the other hand, F-Secure declared that it has found multiple variants of Mytob that were coded after the arrest of Essebar. Those declarations suggest that Essebar is only a part of a larger group of Dark-side hackers behind the spread of the malware.

See also

Timeline of notable computer viruses and worms

External links and sources

Security vulnerability information

Microsoft Security Bulletin MS05-039 (Microsoft)
Microsoft Security Advisory (899588) (Microsoft)
US Cert Vulnerability Note VU#998653 (US-CERT)
Secunia Advisory SA16372 (Secunia)
CAN-2005-1983 (Common Vulnerabilities and Exposures)
Bugtraq ID 14513 (SecurityFocus)

Worm information

What You Should Know About Zotob (Microsoft)
W32.Zotob Removal Tool (Symantec Security Response)
WORM_ZOTOB.D (Trend Micro)
Zotob.A (F-Secure)
Zotob.C (F-Secure)
WORM_RBOT.CBR (Trend Micro)
Full Timeline (Security Blogger)
Zotob Removal Instructions

News coverage

BBC News: Windows 2000 worm hits US firms
BBC News: Windows 2000 bug starts virus war
BBC News: Two detained for US computer worm
BBC News: Money motive drove virus suspects
New York Times: Virus Attacks Windows Computers at Companies
CNN: Worm strikes down Windows 2000 systems
MSNBC: Computer worms strike media outlets
Reuters: Computer virus hits U.S media outlets
Slashdot: Zotob Worm Hits CNN and Goes Global
Information Week: Zotob Proves Patching "Window" Non-Existent
Security Now!: PodCast - Episode #1: "As the Worm Turns"