Two arrests made in Zotob worm attack

Saturday, August 27, 2005

Turkish and Moroccan authorities arrested two suspects who are believed to be the creators of the Zotob worm that took down CNN’s computer network and crippled other computers in the U.S. and worldwide earlier this month.

The FBI traced an electronic trail that led to two men from the Middle East and North Africa. An 18-year old Moroccan, Farid Essebar, is believed to have written the worm in return for a payment from a 21-year old Turk Atilla Ekici. Both were arrested Friday and await prosecution in their respective countries.

It appears that Essebar and Ekici never met personally, and conducted the entire cyber crime through contact with each other over the internet. The online monikers for the two is believed to be "Diabl0" for Essebar and “Coder” for Ekici.

The speedy pace at which investigators made arrests is credited from working closely with the Microsoft Corp., and Moroccan and Turkish authorities, said the FBI assistant director Louis Reigel. "Had we not had those entities involved in this investigation, I suspect it would still be ongoing today."

Microsoft investigators began in March to analyze an e-mail variant called Mytob, which emerged in late February. The two suspects are believed to have authored the predecessor to Mytob, known then as 'Rbot'. These worms could plant in infected computers a backdoor that could be used to gain remote access to the computer and their networks at a later date.

The release of the Zytob worm yielded more evidence of the perpetrators’ identities. The motive for the attacks appears to be financial gain and not terrorist related. The two men allegedly forwarded stolen financial information to a credit-card fraud ring, according to the Moroccan government.

The 5-year-old Windows 2000 operating system is most vulnerable to attack. The worm uses a flaw in the Windows Plug and Play service; a flaw for which Microsoft has issued a patch. But an August 23 Microsoft advisory notes that some non-default configurations of Windows XP Service Pack 1 systems could also be at risk. XP SP2 users are not at risk.

Related news

"CNN headquarters infected with computer worm, exaggerates global threat" — Wikinews, August 16, 2005

Sources

Roland Waite. "The Zotob worm trail leads to arrests in Turkey and Morocco" — EARTHtimes, August 27 , 2005
Brian Krebs. "Suspected Worm Creators Arrested" — The Washington Post, August 27, 2005
Ryan Naraine. "Zotob Worm Could Squirm on Windows XP" — eWeek, August 24, 2005

Share this:

The text of this article has been released into the public domain. In the event that this is not legally possible, this article may be used for any purpose, without any condition, unless such conditions are required by law. This applies worldwide. Copyright terms on images, however, may vary, so please check individual image pages prior to duplication.
Please note that this only applies to Wikinews content created prior to September 25, 2005. All content created after that date is released under a Creative Commons license which is mentioned at the bottom of each article. This is currently the Creative Commons Attribution 2.5 License.

This page is archived, and is no longer publicly editable.

Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication.

Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators.

Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections.

Note that some listed sources or external links may no longer be available online due to age.