Zotob and Mytob Worm Authors Arrested
An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.
In the interest of stimulating more informed discussion, here is a link to a press release from Microsoft commending the Turkish and Moroccan authorities, as well as the FBI, for their prompt arrest of the suspects.
____
~ |rip/\/\aster /\/\onkey
Microsoft Assisted Worm Investigation
Microsoft's Internet Crime Investigations Team supported the investigation with law enforcement immediately following the release of the two worms. Microsoft provided technical information and analytical support to the FBI on this case, which was then shared with Moroccan and Turkish authorities.
Daily News http://newsblaze.com
From TFA: they tried to run a bankcard scam with info they obtained from compromised machines.
1) They very stupidly could have launched the worm from their own computer rather than a public computer say 50 miles away in a library somewhere.
2) They could have run the program when they compiled it for the final time by doing a compile and run versus just compile.
It's always something like that that happens when these guys get busted. They get comfortable and forget to do something that they needed to do to cover their tracks, due to a lack of extreme paranoia.
Generation Trance: What generation are you?
The FBI has Legal Attaché Offices in approximately 50 countries world-wide.
http://www.fbi.gov/contact/legat/legat.htm
#1, most countries have laws against hacking/viruses/etc. Hence the reason they are being prosecuted locally. They broke a law in their country so it'll be handled there. However, #2, law enforcement around the globe cooperates. We don't want criminals to be able to escape prosecution simply by conducting crimes across national lines, or by fleeing to another country.
So, what probably happened here is what happens all the time, the FBI had evidence that one of the authors was Moroccan so they got a hold of Moroccan police and gave them the information they had. Moroccan police investigated and have now arrested a suspect.
I fail to see the problem here.
Turkey and Morocco are amongst America's most trusted allies. Turkey is a member of NATO, Morocco was granted by the US the status of most important ally outside NATO, and we have a free trade agreement with Morocco as well.
Oh, and btw, America's oldest (unbroken) friendship treaty with a foreign nation was with... right: Morocco. Signed on our side by Thomas Jefferson himself.
cpghost at Cordula's Web.
Oh really? They can't be uninstalled? Wrong.
My UID is a palindrome, that must be good for some type of prize.
The authors of that worm were using information stored on victims' computers for bankcard forgery. According to what I read in the local news, the Atilla guy was caught because he was moving money from victims' bank accounts to another account.
With such a connection to the accounts, it's not rocket science to catch the writers. I think the Turkish guy thought Turkey was a heaven for doing such things, without any kind of anonymity in Turkey, but evidently he was wrong.
Hey they didn't make that up for the movie...
http://www.multicians.org/cookie.html
A firewall only allowing port 21 and port 80 will obsolete viruses for Windows file sharing and UPnP like this last one...
Because installing a Windoze patch is risky business. They have a nasty habit of breaking important things. Good IT departments will test the crap out of a patch before rolling it out to several hundred desktops.
-- Will program for bandwidth
As someone who just finished working at an embassy overseas and worked with FBI officials there, let me assure you: the local countries don't mind the help and technical assistance they receive from the LEGAT offices. Quite the opposite: LEGAT provides a great deal of training and equipment when needed, and acts as a liaison with the local police force.
The LEGAT agents probably weren't the ones who made the actual bust, but they were likely there to coordinate it.
Considering the damage this virus caused to US interests (businesses and citizens at home and abroad), I'd argue the US certainly had an interest in taking these guys out of commission.
The tinfoil hat crowd can, and will, say what they want, but the FBI employees I've had the chance to work with are amazing people - honest, hard working, focused on their jobs, and quite frankly, underpaid for the risks they take. I'm just glad to hear that the guys were busted.
Because
a) that would slow the rate of infection, and its lifetime (I still see the odd laptop infected with Blaster), and
b) an infected machine they can pull credit card numbers off of (which they did in this case) or send spam with is much more valuable to writers these days than just killing it.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.