U.S. Department of Justice, Federal Bureau of Investigation

August 26, 2005

Washington D.C.


FBI ANNOUNCES TWO ARRESTS IN MYTOB AND ZOTOB COMPUTER WORM INVESTIGATION

Washington, D.C. - Working with law enforcement authorities in Morocco and Turkey, the FBI today announced the arrests of two individuals believed to be responsible for the creation and distribution of the "Mytob" and "Zotob" computer worms that were unleashed less than two weeks ago and disrupted services on computer networks of a variety of companies including major U.S. news organizations.

With the help of Moroccan authorities, Ministry of Interior Turkish National Police , and valuable assistance from Microsoft Corporation, these individuals were arrested yesterday without incident.  Arrested in Morocco was Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0." Arrested in Turkey was Atilla Ekici, aka "Coder," a 21-year old resident of Turkey. Both individuals will be subject to local prosecutions.

FBI Cyber Division Assistant Director Louis M. Reigel III said, "In today's world of sophisticated technology, cyber criminals need very few tools to carry out their crimes.  With a few strokes on a keyboard and a click of a mouse, malicious computer code can instantly spread across computer networks all over the world causing significant damage and dollar loss.  In the FBI, we confront this problem by teaming our highly skilled cyber investigators with other domestic and international law enforcement agencies as well as private sector companies including Microsoft and various members of the anti-virus community.  The swift resolution of this matter is the direct result of effective coordination and serves as a good example of what we can achieve when we work together."

Microsoft Senior Vice President and General Counsel Brad Smith said , " "We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged distributors of the Zotob and Rbot worms so quickly. These arrests demonstrate the value of public-private collaboration - the first-class investigative work by the authorities and ‘round-the-clock technical and investigative support provided by our Internet Crime Investigations Team here at Microsoft.  The results show clearly that cyber criminals will be identified, apprehended and held accountable for their actions."

W32.Zotob is a worm that targets Windows 2000 and XP-based computers.  The worm opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039). 

Information concerning the worm and its removal can be located on the Microsoft Website at: http://www.fbi.gov/cgi-bin/outside.cgi?http://www.microsoft.com/security/incident/zotob.mspx

The investigation is continuing and t he FBI will assist appropriate authorities with respect to the institution and prosecution of any charges.

To protect against various computer infections, PC users should adopt a maintenance mindset to help keep their devices safe, and practice good security behaviors. These include using an Internet firewall, diligently installing security updates, using up-to-date antivirus software, as well as using newer and more secure software that has been engineered to better protect against emerging online threats.

###

 

Atilla Ekici, aka "Coder"

 

 

 

 

WASHINGTON - Microsoft, CNN, Caterpillar ve ABC gibi büyük şirketlerin sitelerine Zotob, Rbot ve Mytob adlı virüsleri bulaştırdığı, bankaların internet sitelerine girerek para transferi gerçekleştirdiği ileri sürülen bilgisayar korsanı 23 yaşındaki Atilla Ekici ile Faslı işbirlikçisi 18 yaşındaki Ferit Essebar'ın yakalanması tüm dünyada yankı buldu. Dün bir basın toplantısı düzenleyen FBI yetkilisi Louis M. Riegel, virüsleri Essebar'ın yazdığını, buna karşılık Ekici'nin kendisine ödeme yaptığını savundu. Essebar'ın 'Diab10', Ekici'nin ise 'Coder' takma adını kullandığını açıklayan Riegel, internet üzerinden haberleştiklerini, ancak yüz yüze gelip gelmediklerinin bilinmediğini belirtti. Zanlıların bir terörist örgütle bağlantıları tespit edilemezken, ne kadar paranın el değiştirdiği de bilinmiyor. Zanlıların yakalanmasında Microsoft'un da katkıları olurken, Reigel, Fas ve Türkiye'de bilgisayar suçlarına karşı gerekli yasaların bulunduğunu ve bu kişilerin iadesinin istenmeyeceğini açıkladı. Bu ay ortalarında ortaya çıkan ve dünyada en az 255 şirketi etkileyen Zotob, ABD Göçmenlik Bürosu'nun internet sitesinin yanı sıra İç Güvenlik Bakanlığı'nın ABD' ye uçakla giriş yapan yolcuları denetlediği sistemi de devre dışı bırakmıştı. Microsoft, The Associated Press, ABC, CNN ve New York Times gibi büyük şirketleri de vuran virüs, özellikle Windows 2000 kullanıcılarını etkilemişti.Herhangi bir yazılım açılmadan bilgisayara saldırabilen Zotob, bulaştığı bilgisayarı, korsanların erişimine açıyordu. Virüs korsanlara uzaktan erişim yetkisi de veriyor. Şubatta ortaya çıkan Mytob ise bulaştığı bilgisayardan e-posta aracılığıyla yayılarak, bilgisayardaki kişisel bilgilerin korsanlar tarafından çalınmasını sağlıyordu. (Washington Post – 26/8/05)

 

 

Virüsçü Türk’e, FBI ile ortak operasyon   -   25/8/05

 

Related:

Microsoft rend hommage aux autorités marocaines et turques pour l'arrestation des concepteurs presumés du virus Zotob

La société Microsoft a publié sur son site Internet un communiqué dans lequel elle salue les autorités marocaines et turques ainsi que le FBI pour l'arrestation de ces suspects.Parmi les victimes de ce virus, appelé "Zotob", on compte, entre autres, les chaînes de télévision "CNN" et "ABC News", le journal "New York Times", la filière "Disney", ainsi que l'aéroport de San Francisco.
La Direction Générale de la Sûreté Nationale (DGSN) a annoncé qu'un jeune marocain âgé de 18 ans, convaincu d'être derrière la conception d'un virus qui s'est attaqué à plusieurs utilisateurs du Système d'Exploitation Windows 2000 de Microsoft a été arrêté, jeudi à Rabat.L'arrestation d'un jeune Turc, soupçonné lui aussi d'avoir introduit un virus dans les systèmes informatiques de la firme américaine Microsoft, de banques et de médias dans 110 pays, est intervenue le même jour en Turquie.

 

Louis M. Reigel III  FBI's assistant director for cyber crimes

Microsoft Commends Turkish and Moroccan Authorities and the FBI on the Arrest of the Alleged Authors of the Recent Zotob and Mytob Worms

Company’s Internet Crime Investigations Team supported law-enforcement investigation.

REDMOND, Wash. — Aug. 26, 2005 — Microsoft Corp. today commended Turkish and Moroccan law-enforcement authorities and the FBI for their prompt arrest of the individuals believed to be responsible for the creation and distribution of the recent Zotob and Mytob worms. Microsoft worked closely with law-enforcement agencies in the U.S. and overseas to provide investigative and technical support in the investigation. On Thursday, Aug. 25, law-enforcement authorities in Morocco and Turkey arrested the individuals believed to be the authors and distributors of the worms, less than two weeks after the worms were unleashed.

 

http://www.microsoft.com/presspass/press/2005/aug05/08-26ZotobArrestPR.mspx

 

 

Farid Essebar  aka  "Diabl0."

 

 

Un Hacker dans les filets de la police

Farid Essebar, à peine 18 ans, figure désormais parmi les célèbres hackers du monde. Le jeune Russo-marocain est présenté comme le créateur du virus «Zotob» ayant visé ABC, CNN et Daimler Chrysler... (aujourdhui 3/9/05)