Farid Essebar, standing before the investigating magistrate in Rabat, denied either producing or distributing the worm.
"I expect the investigation to find him not guilty and that he will not be charged of any crime," said Essebar's lawyer, Mohamed Fertat.
Essebar was detained with 21-year-old Attila Ekici in August following a coordinated operation between the FBI and Moroccan and Turkish police.
Following their arrest the FBI indicated it was chasing a a further 16 suspects.
"The authorities will need to unravel a tangled web to find out precisely who was responsible in the complicated case of the Zotob worm," said Graham Cluley, senior technology consultant at antivirus company Sophos. "We believe it is likely that a number of people are likely to have been involved, some with the writing and distributing of the worm, and some with the criminal use of data it attempted to steal from innocent users."
Zotob exploited a Plug and Play vulnerability in some Microsoft software, including Windows 2000. A number of media outlets still using the operating system, including ABC World News Tonight, CNN and the New York Post were hit by a Zotob outbreak on their networks.
Following the initial release of Zotob, cheeky malware writers created a number of copycat viruses. It was then revealed the vulnerability was also present in unpatched versions of XP.