
FBI: Suspected Zotob Makers Arrested

The FBI says two men were nabbed in Turkey and Morocco, and charged in connection with Zotob and the earlier Mytob and Rbot worms.

Two men have been arrested by local authorities in Turkey and Morocco and charged with creating and distributing the Zotob and Mytob worms, as well as the Rbot bot worm, the FBI announced Friday in a conference call with news media.

Farid Essebar, 18, a Moroccan national born in Russia and known by the moniker "Diabl0," was arrested by Moroccan authorities, while Atilla Ekici, aka "Coder," a 21-year-old resident of Turkey, was grabbed by Turkish police.

The two are believed to be behind the Zotob attacks that began last week, quickly infected thousands of machines worldwide, and brought down some corporate and media networks running vulnerable Windows 2000 PCs. They are also suspected of being behind Mytob, which harks back to February 2005, and Rbot, an IRC-controlled bot which debuted in August 2004.

The FBI's investigation doesn't go back that far, but it did begin long before the Zotob outbreak, said Louis Reigel, the assistant director of the FBI's Cyber Division.

"We started our initial investigation [of Mytob] in late March, but it became very aggressive in the last two weeks," Reigel said. "The arrests were made from a trail that came to light in the last two weeks [since Zotob]," confirmed Brad Smith, Microsoft's general counsel, who also participated in the call.

According to the FBI, Essebar was the one who wrote the worms and bots, and was then paid for his work by Ekici. "There was a financial relationship between Essebar and Ekici," said Reigel, "and we believe that there was financial gain on the part of the Moroccan, Mr. Essebar."

Microsoft, said both Reigel and Smith, was instrumental in tracking down the pair. Microsoft's Internet Crime Investigations Team began monitoring the first wave of Zotob attacks last week, and used that information, as well as technical analysis of the worm, to "follow the electronic trail back to the source, so to speak," Smith said.

Microsoft's Anti-Virus Reward program, which started in 2003 and offers bounties of $250,000 for information that leads to the arrests of some worm writers, didn't play a part here, said Smith. "The arrests were not made based on a tip-off; they were based on our Internet Crime Investigations Team."

Microsoft's reward program has had spotty success, although it contributed to the arrest last year of the Sasser worm writer, a German teenager who was convicted and sentenced in early July of this year.

Both Essebar and Ekici will face charges in their home countries, Reigel said, although he wasn't able to detail the exact charges which had been filed nor the possible penalties. There is no plan to extradite the two to the United States, he added, in part because there is no extradition treaty with Morocco.

Nor would either Reigel or Smith of Microsoft speculate as to the motive for writing and distributing the various worms. Although some media reports -- including one out of Morocco -- claimed that the two men were involved in bankcard fraud, Reigel said there was no evidence of that.

"We have no information that this case relates to identity theft or bank fraud," said Reigel.

Smith praised the FBI and the cooperating overseas law enforcement for jumping on the case so quickly. "I think that such fast law enforcement action spanning not only multiple countries but multiple continents speaks volumes about the progress law enforcement has made against cyber criminals," Smith said.

He also defended his company, which is frequently lambasted for its many security problems, by claiming, as have other officials, that the root cause for the attack isn't necessarily Microsoft's fault, but is due to the overwhelming popularity of its products.

"We have very popular products, and so we're put under this kind of pressure," said Smith. "But security remains our highest priority."
