Zotob and Mytob Worm Authors Arrested

← Back to Stories (view on slashdot.org)

Zotob and Mytob Worm Authors Arrested

Posted by Zonk on Friday August 26, 2005 @08:18AM from the life-becomes-less-annoying dept.

An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.

23 of 363 comments (clear)

Informative link: by TripMaster+Monkey · 2005-08-26 08:21 · Score: 4, Informative

In the interest of stimulating more informed discussion, here is a link to a press release from Microsoft commending the Turkish and Moroccan authorities, as well as the FBI, for their prompt arrest of the suspects.

--
____
~ |rip/\/\aster /\/\onkey
1. Re:Informative link: by Anonymous Coward · 2005-08-26 08:28 · Score: 5, Funny
  
  in morroco if they ctch you hcking they will cut your pinkies off, it mkes cpitliztion rel bitch. trust me i know
With a name like... by zetes · 2005-08-26 08:21 · Score: 5, Funny

Atilla, you don't need a cool alias - you already have one!

--
2+2=5 for extremely large values of 2
Re:Young by L.+VeGas · 2005-08-26 08:23 · Score: 5, Funny

You know how it is. When you're young, it's hard to keep your worm to yourself.

--
Best Windows Freeware
i always wondered by tont0r · 2005-08-26 08:24 · Score: 4, Funny

what would someone that age get out of releasing something that would cost so much damage?? i realize you get the whole '3Y3 PWN3D J00R 4SS' effect, but still.

and also, i guess this shows more than russia has some awesome programmers :)

last tid bit:
Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0."
who the hell uses the term 'screen moniker'??
1. Re:i always wondered by tundog · 2005-08-26 08:42 · Score: 4, Insightful
  
  and also, i guess this shows more than russia has some awesome programmers :)
  
  Creating these viruses is easy. It takes a lot more skill to create a complex system than it does to find a crack in the foundation and exploit it. All that this really shows is that Russia has some 'unconscionable' programmers.
  
  --
  All your base are belong to us!
Fitting Punishment... by Anonymous Coward · 2005-08-26 08:25 · Score: 4, Interesting

removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.
how were they caught? by dotpavan · 2005-08-26 08:26 · Score: 5, Funny

they had apparently commented the code: //.. @uthors: Farid Essebar, Atilla Ekici
1. Re:how were they caught? by Deviant+Q · 2005-08-26 08:57 · Score: 5, Funny
  
  No no no, these days you've got to do it right... JavaDoc syntax!
  
  /** * @package Pwnz0ringVirusOfDeath * @subpackage PwningModule * @author Farid Essebar, Atilla Ekici * @copyright Copyright © 2005, WePwnJ00 Inc. */
  
  --
  "May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
It's a real shame by saskboy · 2005-08-26 08:29 · Score: 4, Insightful

It's a shame that these idiot kids can't make a program that every computer [that runs Windows anyway] could use, and then when they get the urge to explot a Windows hole, they'd have a payload that would do more than cause reboots and crashes, and could do something useful like calculate something for medical science, patch the hole they exploit without doing damage, or play a podcast with a good message.

ANYTHING. The lack of creativity in today's vandals is just pitiful.

--
Saskboy's blog is good. 9 out of 10 dentists agree.
1. Re:It's a real shame by TripMaster+Monkey · 2005-08-26 08:37 · Score: 5, Insightful
  I'm still waiting for the virus that infects systems through vulnerabilities in IE or Outlook/OE, then:
  Installs Firefox
  Configures it to be the default browser
  Imports the IE favorites to the bookmarks,
  Edits the registry to disable IE as much as possible
  Installs Thunderbird
  Configures it to be the default email client
  Imports contents of Outlook and OE address book to Thunderbird
  Uninstalls Outlook Express and OE
  Deletes itself
  The writer of this 'virus' should get a frickin' medal.
  --
  ____
  ~ |rip/\/\aster /\/\onkey
2. Re:It's a real shame by MightyMartian · 2005-08-26 08:58 · Score: 5, Funny
  
  I'm waiting for the worm that installs itself, grabs a baseball and begins beating the user over the head shouting in a William Shatner voice "Look... you fucking idiot... don't open... mail with attachments..."
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
Quick question. by mctk · 2005-08-26 08:31 · Score: 5, Insightful

How on earth do they find these people?

--
Paul Grosfield - the quicker picker upper.
1. Re:Quick question. by Anonymous Coward · 2005-08-26 08:40 · Score: 5, Informative
  
  from TFA they tried to run a bankcard scam with info they obtained from compromised machines.
What a bunch of shit by Rosco+P.+Coltrane · 2005-08-26 08:32 · Score: 5, Insightful

The worm also is thought to have temporarily disabled the systems that the U.S. Department of Homeland Security uses to screen airline passengers entering the United States.

Oh so the airport screening machines are on the internet, are they? I feel safer in the hands of people as competent as the DHS already...

Or more likely, this is just another piece of DHS propaganda designed to enphasize how dangerous those virus writers are. So dangerous they can disable our precious airport security systems! Terrorists!!

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:What a bunch of shit by Rosco+P.+Coltrane · 2005-08-26 08:47 · Score: 4, Insightful
  
  UPS != DHS
  
  UPS is a commercial venture, they may have grave problems, but it's not a matter of national security.
  
  The DHS on the other hand, given the important task of securing the homeland that they've been given, if they can't be trusted to use something other than Windows connected directly to the net to do their job, they should be kicked in the butt.
  
  My suspicion however is that they're not that stupid, they probably do have secure systems and networks, and that's what leads me to deduce that the statement in TFA about kids half-way around the globe being able to disable airport security is a crock of shit. Either way, the DHS should be investigated, either for negligence, or for misleading the public.
  
  --
  "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
2. Re:What a bunch of shit by erroneus · 2005-08-26 09:04 · Score: 4, Interesting
  
  I have a hard time believing that they disabled any of the screening machines. I have operated most of the machines in use (a year ago anyway) and while the larger machines use Windows as the console, the machines themselves use Unix variants inside. The smaller machines are Unix variants on the console as well.
  
  I can't speak for airports other than the one I worked at, but while the machines were capable of being networked, I saw no indication that they were actively used as anything but stand-alone machines. (That's not to say they weren't... just that I saw no indication of it.) To me it means that these machines aren't likely to have been infected unless a technician connected a laptop to it and inadvertently infected one. As much as I would like to bad-mouth DHS and the TSA, I can't in this area -- it just doesn't seem likely to me.
  
  Now that said, I know all of their office systems are Windows and could have been vulnerable. But again, the systems at the airport I worked didn't have much in the way of network connections (most of the time, no network connection at all). So again, I don't think airport systems, administrative or operational were vulnerable to network infection. ...if I were recognised as even a little bit valuable to their operation from a network-security standpoint, I might have tried to make my career there, but alas, they only wanted me as a screener... (If you want to get promoted in the DHS, it's best if you are either non-white or female... bonus if you're both!) I guess this might be true of just about any government job but it really left a bitter taste behind with me.... oh well... enough off-topic complaints.
Re:It's Windows by PyroX_Pro · 2005-08-26 08:37 · Score: 5, Insightful

Pointing at the emperor and throwing rocks at his balls are two very different things. They could of just pointed. They went the rocks at balls path.
Happy Bithday, Joshi by unsigned+integer · 2005-08-26 08:40 · Score: 5, Funny

Reminds me of the DOS 'Pac Man' virus ... everytime you typed a '.', a little pac-man would run out and eat it. It cracks me up everytime I think about it for some reason. Why don't we have some viruses that act more as 'creative grafitti', rather that pure tools of spam and DDoS slaves? If they are relatively benign enough, I could picture letting them run on my computer for kicks. :-)
Happy Birthday, Joshi.
Uhhh, what gave you that idea? by Sycraft-fu · 2005-08-26 09:20 · Score: 4, Informative

#1, most countries have laws against hacking/viruses/etc. Hence the reason they are being prosecuted locally. They broke a law in their country so it'll be handled there. However #2, law enforcement around the globe cooperates. We don't want criminals to be able to escape prosecution simply be conducting crimes across national lines, or fleeing to another country.

So, what probably happened here is what happens all the time, the FBI had evidence that one of the authors was Moroccan so they got a hold of Moroccan police and gave them the information they had. Moroccan police investigated and have now arrested a suspect.

I fail to see the problem here.
Re:Morocco and Turkey, eh? by cpghost · 2005-08-26 09:24 · Score: 4, Informative

Turkey and Morocco are amongst America's most trusted allies. Turkey is member of NATO, and Morocco was granted by the US the status of most important ally outside NATO, and we have a free trade agreement with Morocco as well.

Oh, and btw., America's oldest friendship treaty (non broken) with a foreign nation was with... right: Morocco. Signed on our side by Thomas Jefferson himself.

--
cpghost at Cordula's Web.
Re:Morocco and Turkey? Bleh by Khalid · 2005-08-26 09:43 · Score: 5, Interesting

Well moroccan prisons are certainly not five stars hotels, but I am pretty sure that it's much much more confortable for this guy to have it's trial in his home country rather than in the US nowdays with all the terrorist paranoia going in this country.

I am a Moroccan national, and I have partically renounced travelling to the US after all the horrors stories people I know have told me they have faced in US airports.

Morocco is not really a democratic country (yet), but things are slowly evolving in the good way and nothing similar to Abu Ghraib or Guantanamo has happened lately in Morocco, since Tazmamart which was really horrible for those who have heard about it.
Re:Diabl0 & Coder should be given medals by bcuriel · 2005-08-26 10:06 · Score: 5, Insightful

I'm assuming you didn't read any of the articles above.

The exploit was for a patch MICROSOFT HAD ALREADY RELEASED. They were merely taking advantage of the hole that Microsoft revealed by making the patch available.

I fail to see how these guys deserve anything but the punishment they are getting.