Zotob and Mytob Worm Authors Arrested
An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.
In the interest of stimulating more informed discussion, here is a link to a press release from Microsoft commending the Turkish and Moroccan authorities, as well as the FBI, for their prompt arrest of the suspects.
____
~ |rip/\/\aster /\/\onkey
Atilla, you don't need a cool alias - you already have one!
2+2=5 for extremely large values of 2
Both individuals will be subject to local prosecutions, the FBI said.
In other words, a few horse heads will show up in some beds, some vague threats made, and they'll get off with no punishment.
There are only 10 kinds of people in this world... those who understand binary and those who don't
You know how it is. When you're young, it's hard to keep your worm to yourself.
Best Windows Freeware
what would someone that age get out of releasing something that would cost so much damage?? i realize you get the whole '3Y3 PWN3D J00R 4SS' effect, but still.
:)
and also, i guess this shows more than russia has some awesome programmers
last tidbit:
Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0."
who the hell uses the term 'screen moniker'??
Wouldn't using Atilla as a screen name earn a bit more respect than Coder?
d z.htm
http://www.hyperhistory.net/apwh/bios/b3atilla_p1
The Stone Age did not end because humans ran out of stones. - William McDonough
removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.
If I was either of the two suspects I would be crying my eyes out and demanding to be tried and jailed in the US instead of the "Local prosecution". Their best jails would likely not come up to the level of our worst.
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
they had apparently commented the code: //.. @uthors: Farid Essebar, Atilla Ekici
Too bad the rest of us have to share a network with Windows users. When viruses hit Windows hard, the whole network suffers.
Maybe it's just me, but /. should really think about implementing a "crime" section for posts such as this... I don't believe that the arrest of a virus creator really falls within the realm of "Your Rights Online"...
It's a shame that these idiot kids can't make a program that every computer [that runs Windows anyway] could use, and then when they get the urge to exploit a Windows hole, they'd have a payload that would do more than cause reboots and crashes, and could do something useful like calculate something for medical science, patch the hole they exploit without doing damage, or play a podcast with a good message.
ANYTHING. The lack of creativity in today's vandals is just pitiful.
Saskboy's blog is good. 9 out of 10 dentists agree.
I think it's interesting that when these worms were originally introduced, and started first infecting machines, how the media made such a big deal about how quickly after the security hole was announced the worm was unleashed. I find it a bit more interesting the speed with which law enforcement is able to nab the creator of such programs. It used to be, "We don't know where in the hell to start!" to now it's more like "When can we pick this person up and how are we going to prosecute them here or there."
Just my thoughts.
Generation Trance: What generation are you?
How on earth do they find these people?
Paul Grosfield - the quicker picker upper.
Oh my god, does this kid suffer from a lack of imagination or what?!
I could be wrong. I'm always wrong...
The worm also is thought to have temporarily disabled the systems that the U.S. Department of Homeland Security uses to screen airline passengers entering the United States.
Oh so the airport screening machines are on the internet, are they? I feel safer in the hands of people as competent as the DHS already...
Or more likely, this is just another piece of DHS propaganda designed to emphasize how dangerous those virus writers are. So dangerous they can disable our precious airport security systems! Terrorists!!
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
It is interesting that the U.S. government's FBI agency has become a world-wide police force.
--
Trying to make one book explain all of life makes some people crazy enough to kill.
Microsoft Assisted Worm Investigation Microsoft's Internet Crime Investigations Team supported the investigation with law enforcement immediately following the release of the two worms. Microsoft provided technical information and analytical support to the FBI on this case, which was then shared with Moroccan and Turkish authorities.
Daily News http://newsblaze.com
Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks at balls path.
Happy Birthday, Joshi.
the virii in hackers were a lot more fun. best quote ever:
GUY: SIR! WEVE GOT A COOKIE MONSTER!
other guy: TYPE COOKIE YOU IDIOT!
come on, next you'll be telling me that you're brave in rl and my time spent here is productive or something.
To further amend that, the problem is not code reviews, it's the MS design (or lack thereof). A lot of MS exploits are not issues where the code was defective as much as where the design was defective. Take, for example, the Slammer worm. You would ask the SQL Server instance for a database (directory service over UDP), then get a good old buffer overflow by making a bad request (not formatted properly). (My memory is a bit rusty on the details, check out Wired for a slightly closer look.)
Code reviews usually find the "duh" type of bugs. As in, poor control structures, misuse of class/methods. The security type flaws can only be fixed by: better design (what could someone do to this) or having people hack at your solution as part of testing (aha, look what I can do). Now the Slammer fix could (and probably was) as simple as a check on the length of the request.
Now (knowing that), if I worked at Microsoft, I would be checking for that in code reviews... I mean they have been bitten by this numerous times and a buffer overflow attack is one of the oldest tricks in the book. And yet this is also a process thing: the guys who wrote the code that performs the search probably don't know a lot about low level details, and those guys didn't know the restrictions, which points back to design.
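The comment above boils the Slammer-style defect down to "a check on the length of the request" before copying it into a fixed buffer. The following C is an added illustration of that point and is not code from the comment, from SQL Server, or from the worm: the protocol (one opcode byte followed by a name, no length field), the opcode value, the buffer size and the instance name are all constructed for the example. It puts the unchecked handler next to the checked one and shows the checked version rejecting an oversized datagram instead of overrunning the stack buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Everything below is constructed for this illustration: the opcode, the
 * buffer size and the request layout are hypothetical, not SQL Server's. */
#define NAME_MAX   64     /* fixed size of the name buffer on the stack */
#define REQ_LOOKUP 0x04   /* hypothetical opcode: "look up instance by name" */

enum { REQ_OK = 0, REQ_BAD_OPCODE = -1, REQ_TOO_LONG = -2, REQ_BAD_NAME = -3 };

/* Build a request datagram: one opcode byte followed by the raw name bytes.
 * Returns the datagram length, or 0 if the name does not fit the packet. */
size_t build_request(uint8_t *pkt, size_t pkt_cap, const char *name) {
    size_t n = strlen(name);
    if (n + 1 > pkt_cap) return 0;
    pkt[0] = REQ_LOOKUP;
    memcpy(pkt + 1, name, n);
    return n + 1;
}

/* Weak handler: the copy length comes straight from the datagram, so any
 * request longer than NAME_MAX bytes writes past the end of `name`
 * (undefined behaviour). Kept only to show the defect; nothing here calls it. */
int handle_lookup_unchecked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap) {
    char name[NAME_MAX];
    if (pkt_len < 1 || pkt[0] != REQ_LOOKUP) return REQ_BAD_OPCODE;
    memcpy(name, pkt + 1, pkt_len - 1);   /* no bound on pkt_len - 1 */
    name[pkt_len - 1] = '\0';             /* may also land out of bounds */
    snprintf(out, out_cap, "instance:%s", name);
    return REQ_OK;
}

/* Hardened handler: same wire format, but the request length is compared with
 * the buffer before any copy, and the name must be printable ASCII. */
int handle_lookup_checked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap) {
    char name[NAME_MAX];
    if (pkt_len < 2 || pkt[0] != REQ_LOOKUP) return REQ_BAD_OPCODE;
    size_t name_len = pkt_len - 1;
    if (name_len > NAME_MAX - 1) return REQ_TOO_LONG;   /* keep room for the NUL */
    for (size_t i = 0; i < name_len; i++) {
        uint8_t c = pkt[1 + i];
        if (c < 0x20 || c > 0x7e) return REQ_BAD_NAME;  /* reject NUL / control bytes */
    }
    memcpy(name, pkt + 1, name_len);
    name[name_len] = '\0';
    snprintf(out, out_cap, "instance:%s", name);
    return REQ_OK;
}

/* Constructed inputs: a normal lookup, an oversized one, and a wrong opcode. */
int demo_valid_request(void) {
    uint8_t pkt[256];
    char out[128];
    size_t len = build_request(pkt, sizeof pkt, "SQLEXPRESS");
    return handle_lookup_checked(pkt, len, out, sizeof out);
}

int demo_valid_output_matches(void) {
    uint8_t pkt[256];
    char out[128];
    size_t len = build_request(pkt, sizeof pkt, "SQLEXPRESS");
    handle_lookup_checked(pkt, len, out, sizeof out);
    return strcmp(out, "instance:SQLEXPRESS") == 0;
}

int demo_oversized_request(void) {
    uint8_t pkt[256];
    char out[128];
    char long_name[200];
    memset(long_name, 'A', sizeof long_name - 1);  /* 199 bytes, far past NAME_MAX */
    long_name[sizeof long_name - 1] = '\0';
    size_t len = build_request(pkt, sizeof pkt, long_name);
    return handle_lookup_checked(pkt, len, out, sizeof out);
}

int demo_wrong_opcode(void) {
    uint8_t pkt[4] = { 0x01, 'a', 'b', 'c' };
    char out[128];
    return handle_lookup_checked(pkt, sizeof pkt, out, sizeof out);
}

int main(void) {
    printf("valid request     -> %d (output ok: %d)\n", demo_valid_request(), demo_valid_output_matches());
    printf("oversized request -> %d\n", demo_oversized_request());
    printf("wrong opcode      -> %d\n", demo_wrong_opcode());
    return 0;
}
```

The length check is a one-line fix, which is the comment's point; the design question it raises is why the wire format carried no length field and why the handler had to infer one from the datagram size in the first place.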
Imagine that a clothing company uses very shoddy materials and cuts corners in its production, yet they are popular enough that 9 out of 10 people will be wearing that brand of clothing. The clothes are crap, sub-standard, and you just know that if people realized this, the company would either improve, or people would buy their clothes elsewhere. To that end, you walk down a busy street and grab a handful of cloth every which way, easily ripping the shirts off 9 out of 10 women who pass by you.
Should you be jailed for "merely" demonstrating this weakness?
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
How is this wrong? People like this are keeping software developers on their toes. I say good on them...
Couldn't you make the same case for people shooting cops or driving drunk? In the first case it will spur body armor manufacturers to create more effective armor. In the latter it may lead to safer cars?
The Luddites were ahead of their time.
I was reading a dated (2004) article comparing security on Windows and Linux. In it, they point out that Windows is not on the Top-50 list of highest uptimes. I recently visited the list (http://uptime.netcraft.com/up/today/top.avg.html) and noticed that Windows does indeed have a few entries.
But, no Windows machine should have an uptime of more than ~6 months as all MS updates require a reboot. And the Netcraft list contained Win2k machines w/ 4+ yrs uptime! That means they should be ripe for the picking, right?
Directly-accessible web servers that haven't been patched.
Any reason these aren't hit?
On a computer or under a hood.
Damn, now I want to know what that subject line says...
my progeny worm
set loose to exploit your holes
mine left for inmates
The "Executive e-mail" is a key part of the response process, and it includes the use of a very specific, high-priority subject line to make sure the mail is read by the senior executives.
Unfortunately for Microsoft, and fortunately for us, that very specific, high priority subject line has been leaked:
#1, most countries have laws against hacking/viruses/etc. Hence the reason they are being prosecuted locally. They broke a law in their country so it'll be handled there. However #2, law enforcement around the globe cooperates. We don't want criminals to be able to escape prosecution simply by conducting crimes across national lines, or fleeing to another country.
So, what probably happened here is what happens all the time, the FBI had evidence that one of the authors was Moroccan so they got a hold of Moroccan police and gave them the information they had. Moroccan police investigated and have now arrested a suspect.
I fail to see the problem here.
Turkey and Morocco are amongst America's most trusted allies. Turkey is a member of NATO, and Morocco was granted by the US the status of most important ally outside NATO, and we have a free trade agreement with Morocco as well.
Oh, and btw., America's oldest friendship treaty (non broken) with a foreign nation was with... right: Morocco. Signed on our side by Thomas Jefferson himself.
cpghost at Cordula's Web.
Blame is not a zero sum game. Windows is one of the problems. A child who writes worms is another.
Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks at balls path.
Have you ever known an emperor to respond to the "oh, you made a mistake" approach? Or even recognize that a mistake has been made without a few rocks thrown at their balls? Plenty of people, security experts and script kiddies alike, have been warning with the "pointing" method for a long time. Absolutely no-one notices until the emperor takes a few rocks to the balls. Disclaimer: I disagree with such treatment on principle but can see why someone would take such an approach.
indeed. they've already set the groundwork for popular and exploitable technologies, the only thing left is for them to play cop for the crimes they invented.
When I was a kid, we only had one Darth.
I'm assuming you didn't read any of the articles above.
The exploit was for a patch MICROSOFT HAD ALREADY RELEASED. They were merely taking advantage of the hole that Microsoft revealed by making the patch available.
I fail to see how these guys deserve anything but the punishment they are getting.
The USA, proud member of the first world, is in the top ten for executions with such exemplary second world nations as Belarus and China.
Where I live, "security experts" are always wheeled out at these moments to explain that the new viral assault is the creation of organized criminal gangs headed by a supremely intelligent and resourceful Mr Big (who probably lives in a suite at the Ritz and never goes anywhere without a Yorkshire Terrier). Yet here we are again, with the alleged perps being a couple of no-name losers from nowhere. It'll be interesting to see what, if anything, they link to.
Those that pass never return.
Because installing a Windoze patch is risky business. They have a nasty habit of breaking important things. Good IT departments will test the crap out of a patch before rolling it out to several hundred desktops.
-- Will program for bandwidth
As someone who just finished working at an embassy overseas and worked with FBI officials there, let me assure you - the local countries don't mind the help and technical assistance they receive from the LEGAT offices. Quite the opposite - LEGAT provides a great deal of training and equipment when needed, and acts as a liaison with local police force.
The LEGAT agents probably weren't the ones that made the actual bust, but they were likely there to coordinate it.
Considering the damage this virus caused to US interests (businesses and citizens at home and abroad), I'd argue the US certainly had an interest in taking these guys out of commission.
The tinfoil hat crowd can, and will, say what they want, but the FBI employees I've had the chance to work with are amazing people - honest, hard working, focused on their jobs, and quite frankly, underpaid for the risks they take. I'm just glad to hear that the guys were busted.
Because
a) that would slow the rate of infection, and its lifetime (I still see the odd laptop infected with Blaster)
b) an infected machine they can pull credit card numbers off of (which they did in this case) or send spam with, is much more valuable to writers these days than just killing it.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Shouldn't they arrest or at least fire the developers responsible for creating the vulnerability in the first place and thus making these viruses possible?
It's like your house has a 2 metre hole in the wall because the builders forgot to close it. And you can't close it yourself because it's against the law to examine the house.