Blog entry

Two arrests in Mytob and Zotob computer investigation

 Washington, D.C. - Working with law enforcement authorities in Morocco and Turkey, the FBI today announced the arrests of two individuals believed to be responsible for the creation and distribution of the "Mytob" and "Zotob" computer worms that were unleashed less than two weeks ago and disrupted services on computer networks of a variety of companies including major U.S. news organizations.

With the help of Moroccan authorities, Ministry of Interior Turkish National Police , and valuable assistance from Microsoft Corporation, these individuals were arrested yesterday without incident.  Arrested in Morocco was Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0." Arrested in Turkey was Atilla Ekici, aka "Coder," a 21-year old resident of Turkey. Both individuals will be subject to local prosecutions.

FBI Cyber Division Assistant Director Louis M. Reigel III said, "In today's world of sophisticated technology, cyber criminals need very few tools to carry out their crimes.  With a few strokes on a keyboard and a click of a mouse, malicious computer code can instantly spread across computer networks all over the world causing significant damage and dollar loss.  In the FBI, we confront this problem by teaming our highly skilled cyber investigators with other domestic and international law enforcement agencies as well as private sector companies including Microsoft and various members of the anti-virus community.  The swift resolution of this matter is the direct result of effective coordination and serves as a good example of what we can achieve when we work together."

Microsoft Senior Vice President and General Counsel Brad Smith said, " "We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged distributors of the Zotob and Rbot worms so quickly. These arrests demonstrate the value of public-private collaboration - the first-class investigative work by the authorities and ‘round-the-clock technical and investigative support provided by our Internet Crime Investigations Team here at Microsoft.  The results show clearly that cyber criminals will be identified, apprehended and held accountable for their actions."

W32.Zotob is a worm that targets Windows 2000 and XP-based computers.  The worm opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039). 

Information concerning the worm and its removal can be located on the Microsoft Website at:www.microsoft.com/security/incident/zotob.mspx

The investigation is continuing and the FBI will assist appropriate authorities with respect to the institution and prosecution of any charges.

Source