Slashdot Mirror


Zotob and Mytob Worm Authors Arrested

An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.

18 of 363 comments

  1. Fitting Punishment... by Anonymous Coward · · Score: 4, Interesting

    removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.

    1. Re:Fitting Punishment... by RobotRunAmok · · Score: 2, Interesting

      removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.

      Too lenient. How about they get wired up to some slashdot server and are delivered a slight electric shock every time some idiot writes "virii?" Two shots for "cracker" every time it is not used in the context of edible wafers.

      Now, THAT's script-kiddie rehab!

  2. Re:This was the proper response. by coolGuyZak · · Score: 3, Interesting

    Maybe it's just me, but /. should really think about implementing a "crime" section for posts such as this... I don't believe that the arrest of a virus creator really falls within the realm of "Your Rights Online"...

  3. Interesting the speed of things recently... by GecKo213 · · Score: 3, Interesting

    I think it's interesting that when these worms were originally introduced, and started first infecting machines, how the media made such a big deal about how quickly after the security hole was announced the worm was unleashed. I find it a bit more interesting the speed with which law enforcement is able to nab the creator of such programs. It used to be, "We don't know where in the hell to start!" to now it's more like "When can we pick this person up and how are we going to prosecute them here or there."

    Just my thoughts.
    --
    Generation Trance: What generation are you?
  4. FBI has become a world-wide police force. by Futurepower(R) · · Score: 3, Interesting


    It is interesting that the U.S. government's FBI agency has become a world-wide police force.

    --
    Trying to make one book explain all of life makes some people crazy enough to kill.

  5. A Moroccan Proverb says... by Anonymous Coward · · Score: 1, Interesting

    Among walnuts only the empty one speaks.

  6. Re:Wow by Anonymous Coward · · Score: 1, Interesting

    boy, you are a retard aren't you. these people that were arrested didn't find the flaw, they merely plugged the thing into an already-existing virus base (blaster) and clicked on it. they don't deserve jobs for the fbi. they are just a bunch of script kiddies

    -Anonymous Coward

  7. Re:What a bunch of shit by erroneus · · Score: 4, Interesting

    I have a hard time believing that they disabled any of the screening machines. I have operated most of the machines in use (a year ago anyway) and while the larger machines use Windows as the console, the machines themselves use Unix variants inside. The smaller machines are Unix variants on the console as well.

    I can't speak for airports other than the one I worked at, but while the machines were capable of being networked, I saw no indication that they were actively used as anything but stand-alone machines. (That's not to say they weren't... just that I saw no indication of it.) To me it means that these machines aren't likely to have been infected unless a technician connected a laptop to it and inadvertently infected one. As much as I would like to bad-mouth DHS and the TSA, I can't in this area -- it just doesn't seem likely to me.

    Now that said, I know all of their office systems are Windows and could have been vulnerable. But again, the systems at the airport I worked didn't have much in the way of network connections (most of the time, no network connection at all). So again, I don't think airport systems, administrative or operational were vulnerable to network infection. ...if I were recognised as even a little bit valuable to their operation from a network-security standpoint, I might have tried to make my career there, but alas, they only wanted me as a screener... (If you want to get promoted in the DHS, it's best if you are either non-white or female... bonus if you're both!) I guess this might be true of just about any government job but it really left a bitter taste behind with me.... oh well... enough off-topic complaints.

  8. Re:Happy Birthday, Joshi by wasted time · · Score: 2, Interesting

    Why don't we have some viruses that act more as 'creative graffiti'

    We do still have these. They're called freeware or shareware. You'll find them on websites all over the place. Most of the time they come with hidden surprises too!

    --
    The Stone Age did not end because humans ran out of stones. - William McDonough
  9. Re:Quick question. by wasted time · · Score: 2, Interesting

    This begs the question - how many "smart" virus writers just assume another person's identity to commit these acts, intentionally throwing the blame/investigation elsewhere. Know your enemies better than your friends.

    --
    The Stone Age did not end because humans ran out of stones. - William McDonough
  10. Easy targets missed by supra · · Score: 2, Interesting

    I was reading a dated (2004) article comparing security on Windows and Linux. In it, they point out that Windows is not on the Top-50 list of highest uptimes. I recently visited the list (http://uptime.netcraft.com/up/today/top.avg.html) and noticed that Windows does indeed have a few entries.
    But, no Windows machine should have an uptime of more than ~6 months as all MS updates require a reboot. And the Netcraft list contained Win2k machines w/ 4+ yrs uptime! That means they should be ripe for the picking, right?
    Directly-accessible web servers that haven't been patched.
    Any reason these aren't hit?

    --
    On a computer or under a hood.
  11. Re:It's Windows by Compholio · · Score: 2, Interesting

    Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks at balls path.

    Have you ever known an emperor to respond to the "oh, you made a mistake" approach? Or even recognize that a mistake has been made without a few rocks thrown at their balls? Plenty of people, security experts and script kiddies alike, have been warning with the "pointing" method for a long time. Absolutely no-one notices until the emperor takes a few rocks to the balls. Disclaimer: I disagree with such treatment on principle but can see why someone would take such an approach.

  12. Re:Morocco and Turkey? Bleh by Anonymous Coward · · Score: 2, Interesting

    > Their best jails would likely not come up to the level of our worst.

    Welcome to Guantanamo!

  13. Re:Morocco and Turkey? Bleh by Khalid · · Score: 5, Interesting

    Well, Moroccan prisons are certainly not five-star hotels, but I am pretty sure that it's much much more comfortable for this guy to have his trial in his home country rather than in the US nowadays with all the terrorist paranoia going on in this country.

    I am a Moroccan national, and I have practically renounced travelling to the US after all the horror stories people I know have told me they have faced in US airports.

    Morocco is not really a democratic country (yet), but things are slowly evolving in the good way and nothing similar to Abu Ghraib or Guantanamo has happened lately in Morocco, since Tazmamart which was really horrible for those who have heard about it.

  14. it's not windows by circletimessquare · · Score: 1, Interesting

    it's exposure

    if some linux desktop flavor were as widely popular as windows, do you honestly think it would be any different with a new wonder worm every year?

    you linux zealots are honestly going to tell me that some badly written linux app that people widely adopt isn't going to be fodder for these guys as well if the application and the os had as much exposure as windows?

    it's a very simple formula: take a bunch of coders working on a lot of code, and presto changeo: holes. it's not like linux programmers are omnipotent and windows coders are drunk: people are people, no one is perfect, sh*t happens. the only deciding factor is how much interest there is in finding and exploiting those holes. if linux were up at bat instead of microsoft in the popularity contest, linux would be striking out just as much as microsoft.

    so what are the real lessons for us?:

    1. you need an ECOSYSTEM of os's out there. not one big borg state of 99.999% market penetration. in such a world, truly, one kid in his parent's basement can take down the entire world. what you need is something like 25% linux, 25% bsd, 25% windows, 25% mac, or whatever.

    2. don't celebrate that microsoft is getting hammered with worms, you should WORRY. because microsoft is getting good at fighting these worms back. look at the difference in the response to zotob as compared to sasser or code red. does the linux world have a similar muscular attack response system? additionally, what happens is that over time, because of its exposure, microsoft actually gets pretty darn well patched from all of the really scary exploits out there, and all of the exposure begins to WORK for microsoft sales pr: "well we've been exposed to a powerful searchlight over the last few years and all of the really scary holes have been found... if you go with our competitors, who don't have nearly as much exposure to exploit exploration, who knows what nasty things someone might find in that os."

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  15. Third World Countries? by soupdevil · · Score: 2, Interesting

    The USA, proud member of the first world, is in the top ten for executions with such exemplary second world nations as Belarus and China.

  16. Re:I don't get it... by Anonymous Coward · · Score: 1, Interesting

    When I see a tornado or hurricane item on the news, and "entire trailer parks were flattened", I sometimes have my thoughts about better preparing for weather events, yes. There are housing constructs that are better proofed to a gush of wind than a trailer.
    This does not mean that the owner deserves it to be destroyed, but he could have taken better measures. Same with computers.

    Also I agree with the original poster that it is funny to see those big guys who are supposedly using all of Microsoft corporate management tools to be taken by every worm, while at our company with a better understanding about what is really happening and a tight policy on what is allowed (like not having a direct or NAT routing to Internet, not allowing any executable in by mail or web, not running workstations with administrative privileges) we have never ever even had the slightest worm or virus problem.

  17. Shouldn't they... by zlogic · · Score: 2, Interesting

    Shouldn't they arrest or at least fire the developers responsible for creating the vulnerability in the first place and thus making these viruses possible?
    It's like your house has a 2 metre hole in the wall because the builders forgot to close it. And you can't close it yourself because it's against the law to examine the house.