Computer worm From Wikipedia, the free encyclopedia
Zotob is a computer worm that exploits security vulnerabilities in Microsoft operating systems such as Windows 2000, including the MS05-039 Plug and Play vulnerability. The worm is known to spread via microsoft-ds (TCP port 445).
"The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc." — Business Week, August 16, 2005.
The Zotob worms were reported to cost each affected company an average of $97,000 and 80 hours of cleanup.[1]
Zotob was derived from the Rbot worm. Rbot can force an infected computer to restart continuously. Its outbreak on August 16, 2005, was covered "live" on CNN television, as the network's own computers were infected. Zotob would self-replicate each time the computer rebooted, so each computer held numerous copies of the file by the time it was purged. This is similar to the Blaster (Lovesan) worm.
On August 26, 2005, Farid Essebar and Atilla Ekici were arrested in Morocco and Turkey, respectively. They are believed to be the men behind the worm's coding.
A signature in the Zotob worm code suggested it was coded by Diabl0, and the IRC server it connects to is the same one used in previous versions of Mytob. Diabl0 is believed to have incorporated the code of a Russian nicknamed houseofdabus,[11] whose journal was shut down by authorities[12] just after the arrest of Diabl0. The coder (Ekici) probably paid Diabl0 (Essebar) to write the code.
"He says it's all about making money, and that he doesn't care if people remove the worm because it's the spyware stuff that he installs that's making him the money, Taylor said in a conversation with me."[13]
On August 30, 2005, controversial reports emerged from different anti-virus firms. Sophos declared that several people had access to the Mytob source code (a variant of the worm). F-Secure, on the other hand, declared that it had found multiple variants of Mytob that were coded after the arrest of Essebar. These declarations suggest that Essebar is only one part of a larger group of Dark-side hackers behind the spread of the malware.[14]