[ISN] Two Suspected in Computer Worm Attacks Are Arrested

InfoSec News isn at c4i.org
Mon Aug 29 14:05:43 EDT 2005


August 27, 2005

Two men were arrested overseas on Thursday on charges of unleashing a
computer worm that infected networks across the United States nearly
two weeks ago, the Federal Bureau of Investigation and Microsoft
announced yesterday.

The men, Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of
Turkey, were said to be responsible for the Zotob worm, which hampered
computer operations at more than 100 companies, including news
organizations like CNN, The New York Times and ABC News. The computers
were running a version of Microsoft's Windows operating system,
prompting the company's Internet crime investigations unit to
collaborate with the F.B.I. to locate the source.

"The swift resolution of this matter is the direct result of effective
coordination and serves as a good example of what we can achieve when
we work together," Louis M. Reigel III, assistant director of the
F.B.I. Cyber Division, said in a news release.

In a conference call with reporters, Mr. Reigel said Mr. Ekici, who
went by the online alias Coder, paid Mr. Essebar, operating under the
name Diabl0, to create Zotob and another worm, called Mytob. But he
would not comment on whether they were part of a broader operation.

"They certainly knew each other via the Internet," Mr. Reigel said,
but it was not clear whether they had met in person.

The state news agency in Morocco reported that the motive was
financial and that Mr. Essebar acted in league with groups involved in
bank card forgery. Some computer worms can be used to compromise
computer security and make it easier to steal passwords,
identification data and financial records in ways that are hard to

Mr. Reigel declined to specify yesterday whether any data was
compromised in the Zotob episode.

The Zotob worm was notable for how quickly it was released after
Microsoft's announcement of a flaw in its Windows 2000 operating
system. Within days of Microsoft's releasing a security patch in early
August, the worm was infecting computers that had not installed the

Bradford L. Smith, Microsoft's general counsel, said in an interview
yesterday that the company was able to help authorities as the attack
was going on by monitoring its path and then charting its trail and
dissecting the code behind the worm.

"You learn things in real time that you just cannot reconstruct
later," he said.

In the earlier conference call, he was asked why Microsoft's operating
systems have been so prone to attack.

"The reality is that any company that has popular products has to
recognize that it's a fact of life," he said. "Security remains our
highest priority."
