Slashdot Mirror


Zotob and Mytob Worm Authors Arrested

An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14, just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow-by-blow account of Microsoft's response to the worm. Very interesting read.

27 of 363 comments

  1. Coder?? by wasted+time · · Score: 2, Insightful

    Wouldn't using Atilla as a screen name earn a bit more respect than Coder?

    http://www.hyperhistory.net/apwh/bios/b3atilla_p1dz.htm

    --
    The Stone Age did not end because humans ran out of stones. - William McDonough
  2. Morocco and Turkey? Bleh by bl968 · · Score: 3, Insightful

    If I was either of the two suspects I would be crying my eyes out and demanding to be tried and jailed in the US instead of the "Local prosecution". Their best jails would likely not come up to the level of our worst.

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
    1. Re:Morocco and Turkey? Bleh by WiFiBro · · Score: 2, Insightful

      I'm not sure what information you are basing that on, could you clarify? I know ./ers will accuse me of anti-americanism but you are just assuming.
      According to a quick Google on the (ever reliable) internet, there are political prisoners in the US, there is torture going on (not only Abu Ghraib and Guantanamo, see http://www.historiansagainstwar.org/resources/torture/brucefranklin.html ) and there are also doubts on whether you can get a fair trial: it's often advised to expelled suspects that in their own interest it would be better to plead guilty to get a lower sentence than plead innocent, even if they are/would be innocent.

      Anyway these wormcreators are likely to be made 'an example' in any country.

    2. Re:Morocco and Turkey? Bleh by DreamerFi · · Score: 2, Insightful

      If you think the US is going about this the wrong way, post a better way.

      Why? It's not our country. Telling another country how to behave if you don't like it is another US habit the world could do without, so excuse us for not making the same mistake.

  3. Re:Young by Anonymous Coward · · Score: 2, Insightful

    Too bad the rest of us have to share a network with Windows users. When viruses hit Windows hard, the whole network suffers.

  4. It's a real shame by saskboy · · Score: 4, Insightful

    It's a shame that these idiot kids can't make a program that every computer [that runs Windows anyway] could use, and then when they get the urge to exploit a Windows hole, they'd have a payload that would do more than cause reboots and crashes, and could do something useful like calculate something for medical science, patch the hole they exploit without doing damage, or play a podcast with a good message.

    ANYTHING. The lack of creativity in today's vandals is just pitiful.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
    1. Re:It's a real shame by TripMaster+Monkey · · Score: 5, Insightful

      I'm still waiting for the virus that infects systems through vulnerabilities in IE or Outlook/OE, then:
      • Installs Firefox
      • Configures it to be the default browser
      • Imports the IE favorites to the bookmarks,
      • Edits the registry to disable IE as much as possible
      • Installs Thunderbird
      • Configures it to be the default email client
      • Imports contents of Outlook and OE address book to Thunderbird
      • Uninstalls Outlook Express and OE
      • Deletes itself
      The writer of this 'virus' should get a frickin' medal.
      --
      ____

      ~ |rip/\/\aster /\/\onkey

    2. Re:It's a real shame by saskboy · · Score: 2, Insightful

      "The writer of this 'virus' should get a frickin' medal."

      He's more likely to get beaten to death by people raking in the money from removing spyware and repairing viruses.

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
  5. Quick question. by mctk · · Score: 5, Insightful

    How on earth do they find these people?

    --
    Paul Grosfield - the quicker picker upper.
    1. Re:Quick question. by Anonymous Coward · · Score: 1, Insightful

      They brag.

      Computer geeks or not, virus writers are not the sharpest tools in the box. If they were really all that 'leet, they'd be able to make an honest living with their mad ski11z.

    2. Re:Quick question. by anon*127.0.0.1 · · Score: 2, Insightful

      Or they bragged about how 133t they were to the wrong people, and someone decided to turn them in to try and pick up the Microsoft bounty.

      --
      I am NOT a man!
      I am a free number!
  6. What a bunch of shit by Rosco+P.+Coltrane · · Score: 5, Insightful

    The worm also is thought to have temporarily disabled the systems that the U.S. Department of Homeland Security uses to screen airline passengers entering the United States.

    Oh so the airport screening machines are on the internet, are they? I feel safer in the hands of people as competent as the DHS already...

    Or more likely, this is just another piece of DHS propaganda designed to emphasize how dangerous those virus writers are. So dangerous they can disable our precious airport security systems! Terrorists!!

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:What a bunch of shit by freshman_a · · Score: 3, Insightful


      Oh so the airport screening machines are on the internet, are they?

      Or more likely, someone brought in an infected laptop and connected it to the network...

      Not that it's a much better situation, but just because a computer (or network) has a virus on it, does not mean it's on the internet.

    2. Re:What a bunch of shit by Rosco+P.+Coltrane · · Score: 4, Insightful

      UPS != DHS

      UPS is a commercial venture, they may have grave problems, but it's not a matter of national security.

      The DHS on the other hand, given the important task of securing the homeland that they've been given, if they can't be trusted to use something other than Windows connected directly to the net to do their job, they should be kicked in the butt.

      My suspicion however is that they're not that stupid, they probably do have secure systems and networks, and that's what leads me to deduce that the statement in TFA about kids half-way around the globe being able to disable airport security is a crock of shit. Either way, the DHS should be investigated, either for negligence, or for misleading the public.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. Re:It's Windows by PyroX_Pro · · Score: 5, Insightful

    Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks at balls path.

  8. Re:i always wondered by tundog · · Score: 4, Insightful

    and also, i guess this shows more than russia has some awesome programmers :)

    Creating these viruses is easy. It takes a lot more skill to create a complex system than it does to find a crack in the foundation and exploit it. All that this really shows is that Russia has some 'unconscionable' programmers.

    --
    All your base are belong to us!
  9. Re:i always wondered by RobotRunAmok · · Score: 2, Insightful

    i guess this shows more than russia has some awesome programmers

    What, specifically, in the "code" of these viruses constitutes the "awesome" part?

  10. Re:Wow by ezweave · · Score: 2, Insightful

    To further amend that, the problem is not code reviews, it's the MS design (or lack thereof). A lot of MS exploits are not issues where the code was defective as much as where the design was defective. Take, for example, the Slammer worm. You would ask the SQL Server instance for a database (directory service over UDP), then get a good old buffer overflow by making a bad request (not formatted properly). (My memory is a bit rusty on the details, check out Wired for a slightly closer look.)

    Code reviews usually find the "duh" type of bugs. As in, poor control structures, misuse of class/methods. The security type flaws can only be fixed by: better design (what could someone do to this) or having people hack at your solution as part of testing (aha, look what I can do). Now the Slammer fix could be (and probably was) as simple as a check on the length of the request.

    Now (knowing that), if I worked at Microsoft, I would be checking for that in code reviews... I mean they have been bitten by this numerous times and a buffer overflow attack is one of the oldest tricks in the book. And yet this is also a process thing: the guys who wrote the code that performs the search probably don't know a lot about low level details, and those guys didn't know the restrictions, which points back to design.
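
The kind of request-length check the comment above describes, as an added example that is not part of the original thread and is not Microsoft's code. The datagram layout, the opcode value and the 32-byte name limit are constructed for illustration and are not the real SQL Server protocol.

```c
#include <stdio.h>
#include <string.h>

#define LOOKUP_NAME_MAX 32   /* room the handler has for the name (assumed) */
#define REQ_LOOKUP      0x04 /* constructed opcode, not a real protocol value */

enum parse_result { REQ_OK = 0, REQ_TOO_SHORT, REQ_BAD_OPCODE,
                    REQ_EMPTY_NAME, REQ_NAME_TOO_LONG, REQ_UNTERMINATED };

/* Constructed layout: [1-byte opcode][name bytes][NUL].
 * len is the datagram size reported by the socket layer; the payload is
 * never trusted to say where it ends. */
enum parse_result parse_lookup(const unsigned char *pkt, size_t len,
                               char out[LOOKUP_NAME_MAX + 1])
{
    const unsigned char *name, *nul;
    size_t name_len;

    if (pkt == NULL || len < 2)
        return REQ_TOO_SHORT;
    if (pkt[0] != REQ_LOOKUP)
        return REQ_BAD_OPCODE;
    name = pkt + 1;

    /* Look for the terminator only inside the bytes actually received. */
    nul = memchr(name, '\0', len - 1);
    if (nul == NULL)
        return REQ_UNTERMINATED;

    name_len = (size_t)(nul - name);
    if (name_len == 0)
        return REQ_EMPTY_NAME;
    if (name_len > LOOKUP_NAME_MAX)
        return REQ_NAME_TOO_LONG;   /* reject; do not silently truncate */

    memcpy(out, name, name_len);    /* bounded by the check above */
    out[name_len] = '\0';
    return REQ_OK;
}

int main(void)
{
    /* Constructed sample datagram: opcode 0x04 followed by "INST1\0". */
    const unsigned char ok[] = { 0x04, 'I', 'N', 'S', 'T', '1', 0 };
    char name[LOOKUP_NAME_MAX + 1];
    enum parse_result r = parse_lookup(ok, sizeof ok, name);
    printf("result=%d name=%s\n", r, r == REQ_OK ? name : "(rejected)");
    return 0;
}
```
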

  11. Re:FBI has become a world-wide police force. by Anonymous Coward · · Score: 2, Insightful

    What is so strange about that? They can work together with Interpol and other police forces if they want to. FBI takes the cause to find Internet idiots and I praise them for that.
    I'm all in for all government agencies to work together to hunt these people down.

  12. Funny Logic ... by joelsanda · · Score: 3, Insightful

    How is this wrong? People like this are keeping software developers on their toes. I say good on them...

    Couldn't you make the same case for people shooting cops or driving drunk? In the first case it will spur body armor manufacturers to create more effective armor. In the latter it may lead to safer cars?

    --
    The Luddites were ahead of their time.
  13. Re:It's Windows by Peter+La+Casse · · Score: 2, Insightful
    I know it's a lost cause even on /. anymore, but the Windows OS is the problem. These are children who are writing these things.

    Blame is not a zero sum game. Windows is one of the problems. A child who writes worms is another.

  14. Re:New market for MS? by rhizome · · Score: 2, Insightful

    indeed. they've already set the groundwork for popular and exploitable technologies, the only thing left is for them to play cop for the crimes they invented.

    --
    When I was a kid, we only had one Darth.
  15. Re:Diabl0 & Coder should be given medals by bcuriel · · Score: 5, Insightful

    I'm assuming you didn't read any of the articles above.

    The exploit was for a patch MICROSOFT HAD ALREADY RELEASED. They were merely taking advantage of the hole that Microsoft revealed by making the patch available.

    I fail to see how these guys deserve anything but the punishment they are getting.

  16. Re:Punishment? Right... by Taladar · · Score: 2, Insightful

    Spam is worse than Viruses and Worms. You can't escape it by using another OS.

  17. Re:So what's wtih CNN by Anonymous Coward · · Score: 1, Insightful

    We patch, with our own SUS server even. Then WSUS came out. Our Windows guy installed it and started sucking down the patches and left for the weekend. When he came back on Monday the server's disk had filled up with every language of every patch blah blah over 40 GB of shit. Half of our machines were already compromised by two Monday mornings ago. So lots of our users didn't get the patches. Now we are getting hit with random root kits on all of these w2k machines.. oh the fun.

  18. So where's Mr Big? by FishandChips · · Score: 2, Insightful

    Where I live, "security experts" are always wheeled out at these moments to explain that the new viral assault is the creation of organized criminal gangs headed by a supremely intelligent and resourceful Mr Big (who probably lives in a suite at the Ritz and never goes anywhere without a Yorkshire Terrier). Yet here we are again, with the alleged perps being a couple of no-name losers from nowhere. It'll be interesting to see what, if anything, they link to.

    --
    Las qué passoun
    tournoun pas maï
  19. Re:Fitting Punishment... by Stiletto · · Score: 2, Insightful

    I wonder what would be a fitting punishment for someone who uses the nonsense word "virii"

    THERE IS NO SUCH WORD AS VIRII.
    THERE IS NO SUCH WORD AS VIRII.
    THERE IS NO SUCH WORD AS VIRII.

    Keep reading it, and try to let it sink in.