FBI ANNOUNCES TWO ARRESTS IN MYTOB AND ZOTOB COMPUTER WORM INVESTIGATION
Washington, D.C. - Working with law enforcement authorities in Morocco
and Turkey, the FBI today announced the arrests of two individuals believed to be responsible for the creation and
distribution of the "Mytob" and "Zotob" computer worms that were unleashed less than two weeks
ago and disrupted services on computer networks of a variety of companies including major U.S. news organizations.
With the help of Moroccan authorities, Ministry of Interior Turkish National
Police , and valuable assistance from Microsoft Corporation, these individuals were arrested yesterday without
incident. Arrested in Morocco was Farid Essebar, 18, a Moroccan national born in Russia who went by the
screen moniker "Diabl0." Arrested in Turkey was Atilla Ekici, aka "Coder," a 21-year old
resident of Turkey. Both individuals will be subject to local prosecutions.
FBI Cyber Division Assistant Director Louis M. Reigel III said, "In today's
world of sophisticated technology, cyber criminals need very few tools to carry out their crimes. With a few
strokes on a keyboard and a click of a mouse, malicious computer code can instantly spread across computer
networks all over the world causing significant damage and dollar loss. In the FBI, we confront this problem
by teaming our highly skilled cyber investigators with other domestic and international law enforcement agencies
as well as private sector companies including Microsoft and various members of the anti-virus community. The
swift resolution of this matter is the direct result of effective coordination and serves as a good example of
what we can achieve when we work together."
Microsoft Senior Vice President and General Counsel Brad Smith said, "
"We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged
distributors of the Zotob and Rbot worms so quickly. These arrests demonstrate the value of public-private
collaboration - the first-class investigative work by the authorities and ‘round-the-clock technical and
investigative support provided by our Internet Crime Investigations Team here at Microsoft. The results show
clearly that cyber criminals will be identified, apprehended and held accountable for their actions."
W32.Zotob is a worm that targets Windows 2000 and XP-based computers. The
worm opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039).
Information concerning the worm and its removal can be located on the Microsoft
Website at: www.microsoft.com/security/incident/zotob.mspx
The investigation is continuing and the FBI will assist appropriate authorities
with respect to the institution and prosecution of any charges.
To protect against various computer infections, PC users should adopt a
maintenance mindset to help keep their devices safe and practice good security behaviors. These include using an
Internet firewall, diligently installing security updates, using up-to-date antivirus software, as well as using
newer and more secure software that has been engineered to better protect against emerging online threats.