Iria

Washington (DC) - Almost as fast as the Zotob worm exploited a reported Windows 2000 vulnerability, the Cyber Division of the FBI, in cooperation with Moroccan and Turkish authorities, as well as Microsoft itself, announced this morning the arrest overseas of two individuals in connection with the network worm investigation.

This morning, Moroccan authorities arrested Farid Essebar, age 18; and simultaneously, Turkish officials arrested Atilla Ekici, age 21, both in connection with a global investigation into the outbreak of the Zotob network worm discovered just over two weeks ago. Louis M. Reigel, FBI Assistant Director for the Cyber Division, told reporters this afternoon that Essebar is believed to have been the sole author of the Zotob strain.

"The Moroccan was responsible, [it is] our belief, at this point in the investigation, for writing the code," A.D. Reigel stated. Referring to the suspect by his country of origin, he continued, "Moroccan has a financial relationship with the Turkish individual, Mr. Ekici. We believe that there was financial gain on the part of Moroccan in relationship to the writing of the code." However, Reigel added, the FBI had not seen official charges against the two suspects from their respective governments.

Essebar is also suspected, the FBI confirmed, of either writing or co-writing two other major instances of obtrusive and destructive code: The Mytob mass-mail attachment worm, discovered last February, to which Essebar is believed to have contributed, exhibits similar behavior to Zotob but is communicated in a different way. Zotob attacks systems through an unmonitored network port reserved for Universal Plug and Play, in order to exploit a deficiency in Windows 2000 which fails to authenticate traffic over that port.

Also being attributed to Essebar is the Rbot strain of worms, first detected in June 2004, for which anti-virus provider Sophos reports hundreds of known variants.
__________
Read More / Source: Tom's Hardware Guide