Suspected computer worm authors arrested

By Reuters
Washington, 29 Aug 2005

Authorities in Morocco and Turkey have arrested two men for unleashing computer worms that disrupted networks across the US last week, the FBI said on Friday.

Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, are believed to have been responsible for the Zotob worm that hit the Internet less than two weeks ago, along with predecessors called Rbot and Mytob released earlier, the FBI said.

Zotob caused computer outages at more than 100 US companies, including major media outlets like CNN and The New York Times, but it did not create widespread havoc along the lines of previous malicious software programs like SQL Slammer and MyDoom.

Close teamwork among the FBI, Microsoft and authorities in Morocco and Turkey was essential to the case, said FBI Cyber Division assistant director Louis Reigel.

"This case happened very quickly," Reigel said on a conference call. "Had we not had those entities involved in this investigation, I suspect it would still be ongoing today."

Reigel said Essebar wrote the malicious code and provided it to Ekici for a fee.

The two men will face prosecution in their native countries and FBI officials will provide evidence, he said.

Zotob targeted a recently discovered flaw in the Plug and Play feature of Microsoft's Windows 2000 operating system. Newer versions of the software were not affected.

Users who heeded a prior warning from Microsoft and updated their systems were not victimised by the worms, but those who did not keep their systems up to date could have their computers taken over by remote servers or see them shut down and start back up repeatedly.

Microsoft general counsel Brad Smith said the worms had a limited impact because more consumers were keeping their software up to date and using firewalls and anti-virus software. The software industry was taking threats more seriously as well, he said.

Microsoft's team of 50 investigators was able to analyse the worms and find out where they were coming from, he said. The team began work on the case in March after the release of Mytob, but Zotob provided the evidence to track them down, he said.

"We have important work ahead of us to strengthen computer security but we've also come a long ways in a short time, and the fact that we were able to see these arrests in less than two weeks and see them halfway around the world really drives that point home," Smith said.