August 26, 2005 11:29 AM PDT

Arrests made in probe of worm that hit ABC, others

Law enforcement officials have arrested two men suspected of unleashing a pair of computer worms, including last week's Zotob, which hit servers at American Express, The New York Times and elsewhere.

Farid Essebar, age 18, a Moroccan national born in Russia, was arrested in Morocco, and 21-year-old Atilla Ekici, a Turkish resident, was arrested in Turkey, Paul Bresson, a spokesman for the FBI, said Friday. Both suspects were detained Thursday and will be prosecuted in the countries in which they were arrested, Bresson said.

Bresson said that Essebar, who went by the nickname "Diabl0," and Ekici, known as "Coder," are suspected of creating both the Mytob and Zotob worms.

The Zotob worm attacked computers running Microsoft's Windows 2000 operating system, and the worm and its offshoots last week hit PCs and servers worldwide, including machines at ABC, CNN and Daimler Chrysler.

Zotob included some of the code used in Mytob, an e-mail worm that first started spreading in March. To date, more than 100 variants of Mytob have been spotted. The worm is distributed via mass e-mail campaigns and features so-called backdoor capabilities, allowing attackers to remotely control infected computers.

Both Mytob and Zotob attacked computers running Windows. Zotob and its variants exploited a security hole in the plug-and-play feature in the OS, for which Microsoft provided a fix earlier this month.

The FBI initiated the investigation into Mytob and Zotob, cooperating with Microsoft and others to trace the origins of the worms, Bresson said. Law enforcement agencies in Morocco and Turkey were instrumental in the investigation, he said.

The bureau alleges that Essebar wrote both the Mytob and Zotob worms and then sold them to Ekici. "We believe that there was financial gain on (Essebar's) part," Louis Reigel, assistant director of the FBI's Cyber Division, said in a conference call with the media. He did not provide further details.

The investigation started in late March, after the Mytob release, Reigel said.

The probe intensified when Zotob hit. Microsoft's Internet crime investigation team dissected the worm and found leads to the two suspects, Brad Smith, Microsoft's general counsel, said on the conference call.

"The trail that we ultimately were able to follow that led to these individuals is a trail that came to light in the last two weeks, after the launch of Zotob," Smith said.

Microsoft hails the arrests as an example of a successful partnership between the private sector and law enforcement. "Our entire industry, especially in partnership with law enforcement, is able to move much more quickly and in a more sophisticated way today than was the case, say, two years ago, and that is certainly part of what made it possible to get to this point within two weeks," Smith said.

The actual legal charges against the individuals are not yet known. Turkey and Morocco will charge the suspects, and the FBI will provide evidence for the prosecution, Reigel said.

The investigation into the Mytob and Zotob worms is ongoing and others may be arrested, Reigel said: "The Moroccan and Turkish authorities are doing a full investigation to determine if there were other individuals involved."

30 comments

That was fast
Good job FBI.

Now can you please get some more of the spammers too?
Posted by R. U. Sirius (745 comments )
A way for the Turkish and Moroccan governments to make money from this...
Caning webcasts.
Posted by M C (598 comments )
Arabs?
These guyz sound like they are Arabs. Financial gain? This thing
smells. I hope the security folks are all over this like a blanket.
Posted by (174 comments )
I doubt it.
Neither virus was as malicious as they could have been. They could have easily deleted/corrupted tons of data or made all the machines unbootable. I think it seemed more like an experiment.
Posted by open-mind (1027 comments )
Arrests made in probe of worm that hit ABC, others
I'm glad to know that someone is doing something about these worms/viruses!! The individuals who waste their God-given intelligence to harm or destroy are no better than terrorists!! What is sad though is the fact that nothing would have gotten done if the worm hadn't been directed at large companies first.
Posted by 6gehrs (6 comments )
seeded with propaganda?
just a hunch.. I think there could be an effort
to "root out" certain people by feeding them with
h/p tools and ideas... I am quite familiar with
the stuff and have found it increasingly hard to
find nowadays... I have also noticed that most of
the activity nowadays is coming from east
Europe... language barriers? maybe.. but I
noticed after 911 many "backup networks" started
hosting bomb making instructions and military
information.. obviously suspicious.. I have also
noticed linux updates slipstreamed with cloaked
stuff.. broken opensource projects.. no, this
isn't the work of individuals.. nor some cave
dwellers...

united we stand! divided and jobless.. yah! enjoy
that new orange hummer.. you deserve it!
Posted by (187 comments )
Yo, FBI, you should be arresting Bill Gates
Week after week of exploits...because of Microsoft's disdain for anything secure that may threaten the monopoly. Microsoft's monopolistic decisions have cost lives and countless billions of dollars. And yet, nothing ever changes.
Posted by aabcdefghij987654321 (1721 comments )
Arrest MS Apologists, too
They should also pick up the Microsoft apologists who make
excuses for this shoddy software and make these kinds of attacks
possible. Why? Because they give MS cover and don't insist on a
better, safer product line.
Posted by cjohn17 (268 comments )
Yeah - that's the ticket...
... arrest anyone who has an opinion, no matter on what issue, just because some zealot thinks that the person with the opinion is wrong-headed and should be locked up, shot, beaten, caned, whatever, for exercising their American right to free speech.

Yeah, I really look forward to living in YOUR world.
Posted by Milly Staples (24 comments )
Probe of worm
I think we should severely punish any person found responsible for creating worms, viruses, etc. If these people are trying to impress others, of their capability for jobs, we should develop creative programs that would make this possible. Those persons creating or participating in the destruction of valid programs should receive severe penalties to make them aware that this type of foolishness will not be tolerated by society!
Posted by Ringmaster1 (10 comments )
Wake up
Typical Western/American thinking. Virus/worm writers are often the best of the best and you want to lock them up. Fine with me. But know that it's not an effective way of solving problems. Think of Microsoft. Offering huge bounties for info on virus/worm writers. Now what if they'd spend that money on security enhancements. Or better yet: why don't they employ the virus writers to help them fix their mess of an operating system. Money talks and while people are busy blaming the virus writers they forget to mention the guys who let the door wide open. Namely Microsoft. Try to see with eyes unclouded by hate. The blame rests on the virus writers for making a destructive virus, on Microsoft for having a product more full of security holes than Swiss cheese and on the sysadmins who do not patch/upgrade their systems. It's not one man's fault. Also the important part is not the finger pointing. It's how to solve this issue.
Posted by (92 comments )