Computer Crime Research Center


Alleged worm hacker detained

Date: August 28, 2005
Source: The New York Time
By: Roben Farzad

Two men were arrested overseas on Thursday on charges of unleashing a computer worm that infected networks across the United States nearly two weeks ago, the Federal Bureau of Investigation and Microsoft announced yesterday.

The men, Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, were said to be responsible for the Zotob worm, which hampered computer operations at more than 100 companies, including news organizations like CNN, The New York Times and ABC News. The computers were running a version of Microsoft's Windows operating system, prompting the company's Internet crime investigations unit to collaborate with the F.B.I. to locate the source.

"The swift resolution of this matter is the direct result of effective coordination and serves as a good example of what we can achieve when we work together," Louis M. Reigel III, assistant director of the F.B.I. Cyber Division, said in a news release.

In a conference call with reporters, Mr. Reigel said Mr. Ekici, who went by the online alias Coder, paid Mr. Essebar, operating under the name Diabl0, to create Zotob and another worm, called Mytob. But he would not comment on whether they were part of a broader operation.

"They certainly knew each other via the Internet," Mr. Reigel said, but it was not clear whether they had met in person.

The state news agency in Morocco reported that the motive was financial and that Mr. Essebar acted in league with groups involved in bank card forgery. Some computer worms can be used to compromise computer security and make it easier to steal passwords, identification data and financial records in ways that are hard to trace.

Mr. Reigel declined to specify yesterday whether any data was compromised in the Zotob episode.

The Zotob worm was notable for how quickly it was released after Microsoft's announcement of a flaw in its Windows 2000 operating system. Within days of Microsoft's releasing a security patch in early August, the worm was infecting computers that had not installed the update.

Bradford L. Smith, Microsoft's general counsel, said in an interview yesterday that the company was able to help authorities as the attack was going on by monitoring its path and then charting its trail and dissecting the code behind the worm.

"You learn things in real time that you just cannot reconstruct later," he said.

In the earlier conference call, he was asked why Microsoft's operating systems have been so prone to attack.

"The reality is that any company that has popular products has to recognize that it's a fact of life," he said. "Security remains our highest priority."
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-17 22:39:15 - Thank you for the info! Sonta
2005-08-29 05:34:38 - They should not get a slap on the wrist,... Richard Jones
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo