Zotob and Mytob Worm Authors Arrested

Posted by Zonk on Fri Aug 26, 2005 03:18 PM
from the life-becomes-less-annoying dept.
An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read.
  • Informative link: (Score:5, Informative)

    by TripMaster Monkey (862126) * on Friday August 26 2005, @03:21PM (#13410710)
    In the interest of stimulating more informed discussion, here is a link [prnewswire.co.uk] to a press release from Microsoft commending the Turkish and Moroccan authorities, as well as the FBI, for their prompt arrest of the suspects.
    • by Anonymous Coward on Friday August 26 2005, @03:28PM (#13410786)
      in morroco if they ctch you hcking they will cut your pinkies off, it mkes cpitliztion rel bitch. trust me i know
  • by zetes (110457) * on Friday August 26 2005, @03:21PM (#13410714)
    Atilla, you don't need a cool alias - you already have one!
  • by tont0r (868535) on Friday August 26 2005, @03:24PM (#13410741)
    what would someone that age get out of releasing something that would cause so much damage?? i realize you get the whole '3Y3 PWN3D J00R 4SS' effect, but still.

    and also, i guess this shows more than russia has some awesome programmers :)

    last tidbit:
    Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0."
    who the hell uses the term 'screen moniker'??
    • by tundog (445786) on Friday August 26 2005, @03:42PM (#13410957) Homepage
      and also, i guess this shows more than russia has some awesome programmers :)

      Creating these viruses is easy. It takes a lot more skill to create a complex system than it does to find a crack in the foundation and exploit it. All that this really shows is that Russia has some 'unconscionable' programmers.
  • by Anonymous Coward on Friday August 26 2005, @03:25PM (#13410745)
    removing their virii and others as well as great software such as CoolWebSearch and their ilk all day EVERYDAY of their sentence.
  • by dotpavan (829804) on Friday August 26 2005, @03:26PM (#13410768) Homepage
    they had apparently commented the code: //.. @uthors: Farid Essebar, Atilla Ekici
  • It's a real shame (Score:5, Insightful)

    by saskboy (600063) on Friday August 26 2005, @03:29PM (#13410798) Homepage Journal
    It's a shame that these idiot kids can't make a program that every computer [that runs Windows anyway] could use, and then when they get the urge to exploit a Windows hole, they'd have a payload that would do more than cause reboots and crashes, and could do something useful like calculate something for medical science, patch the hole they exploit without doing damage, or play a podcast with a good message.

    ANYTHING. The lack of creativity in today's vandals is just pitiful.
    • by TripMaster Monkey (862126) * on Friday August 26 2005, @03:37PM (#13410903)

      I'm still waiting for the virus that infects systems through vulnerabilities in IE or Outlook/OE, then:
      • Installs Firefox
      • Configures it to be the default browser
      • Imports the IE favorites to the bookmarks,
      • Edits the registry to disable IE as much as possible
      • Installs Thunderbird
      • Configures it to be the default email client
      • Imports contents of Outlook and OE address book to Thunderbird
      • Uninstalls Outlook Express and OE
      • Deletes itself
      The writer of this 'virus' should get a frickin' medal.
    • by unsigned integer (721338) on Friday August 26 2005, @03:40PM (#13410929)
      Reminds me of the DOS 'Pac Man' virus ... every time you typed a '.', a little pac-man would run out and eat it. It cracks me up every time I think about it for some reason. Why don't we have some viruses that act more as 'creative graffiti', rather than pure tools of spam and DDoS slaves? If they are relatively benign enough, I could picture letting them run on my computer for kicks. :-)

      Happy Birthday, Joshi.

  • Quick question. (Score:5, Insightful)

    by mctk (840035) on Friday August 26 2005, @03:31PM (#13410821) Homepage
    How on earth do they find these people?
    • Re:Quick question. (Score:5, Informative)

      by Anonymous Coward on Friday August 26 2005, @03:40PM (#13410932)
      from TFA they tried to run a bankcard scam with info they obtained from compromised machines.
  • by Rosco P. Coltrane (209368) on Friday August 26 2005, @03:32PM (#13410834)
    The worm also is thought to have temporarily disabled the systems that the U.S. Department of Homeland Security uses to screen airline passengers entering the United States.

    Oh so the airport screening machines are on the internet, are they? I feel safer in the hands of people as competent as the DHS already...

    Or more likely, this is just another piece of DHS propaganda designed to emphasize how dangerous those virus writers are. So dangerous they can disable our precious airport security systems! Terrorists!!
    • by freshman_a (136603) on Friday August 26 2005, @03:42PM (#13410954) Homepage Journal

      Oh so the airport screening machines are on the internet, are they?

      Or more likely, someone brought in an infected laptop and connected it to the network...

      Not that it's a much better situation, but just because a computer (or network) has a virus on it, does not mean it's on the internet.
    • by erroneus (253617) on Friday August 26 2005, @04:04PM (#13411187) Homepage
      I have a hard time believing that they disabled any of the screening machines. I have operated most of the machines in use (a year ago anyway) and while the larger machines use Windows as the console, the machines themselves use Unix variants inside. The smaller machines are Unix variants on the console as well.

      I can't speak for airports other than the one I worked at, but while the machines were capable of being networked, I saw no indication that they were actively used as anything but stand-alone machines. (That's not to say they weren't... just that I saw no indication of it.) To me it means that these machines aren't likely to have been infected unless a technician connected a laptop to it and inadvertently infected one. As much as I would like to bad-mouth DHS and the TSA, I can't in this area -- it just doesn't seem likely to me.

      Now that said, I know all of their office systems are Windows and could have been vulnerable. But again, the systems at the airport I worked didn't have much in the way of network connections (most of the time, no network connection at all). So again, I don't think airport systems, administrative or operational were vulnerable to network infection. ...if I were recognised as even a little bit valuable to their operation from a network-security standpoint, I might have tried to make my career there, but alas, they only wanted me as a screener... (If you want to get promoted in the DHS, it's best if you are either non-white or female... bonus if you're both!) I guess this might be true of just about any government job but it really left a bitter taste behind with me.... oh well... enough off-topic complaints.
      • by Rosco P. Coltrane (209368) on Friday August 26 2005, @03:47PM (#13411005)
        UPS != DHS

        UPS is a commercial venture, they may have grave problems, but it's not a matter of national security.

        The DHS on the other hand, given the important task of securing the homeland that they've been given, if they can't be trusted to use something other than Windows connected directly to the net to do their job, they should be kicked in the butt.

        My suspicion however is that they're not that stupid, they probably do have secure systems and networks, and that's what leads me to deduce that the statement in TFA about kids half-way around the globe being able to disable airport security is a crock of shit. Either way, the DHS should be investigated, either for negligence, or for misleading the public.
    • Re:It's Windows (Score:5, Insightful)

      by PyroX_Pro (579695) on Friday August 26 2005, @03:37PM (#13410906) Journal
      Pointing at the emperor and throwing rocks at his balls are two very different things. They could have just pointed. They went the rocks at balls path.
    • by crimethinker (721591) on Friday August 26 2005, @03:54PM (#13411079)
      I'd like to abuse your metaphor in a different way than the other posters.

      Imagine that a clothing company uses very shoddy materials and cuts corners in its production, yet they are popular enough that 9 out of 10 people will be wearing that brand of clothing. The clothes are crap, sub-standard, and you just know that if people realized this, the company would either improve, or people would buy their clothes elsewhere. To that end, you walk down a busy street and grab a handful of cloth every which way, easily ripping the shirts off 9 out of 10 women who pass by you.

      Should you be jailed for "merely" demonstrating this weakness?

      -paul

    • by Sycraft-fu (314770) on Friday August 26 2005, @04:20PM (#13411313)
      #1, most countries have laws against hacking/viruses/etc. Hence the reason they are being prosecuted locally. They broke a law in their country so it'll be handled there. However #2, law enforcement around the globe cooperates. We don't want criminals to be able to escape prosecution simply by conducting crimes across national lines, or fleeing to another country.

      So, what probably happened here is what happens all the time, the FBI had evidence that one of the authors was Moroccan so they got a hold of Moroccan police and gave them the information they had. Moroccan police investigated and have now arrested a suspect.

      I fail to see the problem here.
    • by cpghost (719344) on Friday August 26 2005, @04:24PM (#13411344) Homepage

      Turkey and Morocco are amongst America's most trusted allies. Turkey is member of NATO, and Morocco was granted by the US the status of most important ally outside NATO, and we have a free trade agreement with Morocco as well.

      Oh, and btw., America's oldest friendship treaty (non broken) with a foreign nation was with... right: Morocco. Signed on our side by Thomas Jefferson himself.

    • by Khalid (31037) on Friday August 26 2005, @04:43PM (#13411509) Homepage
      Well, Moroccan prisons are certainly not five-star hotels, but I am pretty sure that it's much much more comfortable for this guy to have his trial in his home country rather than in the US nowadays with all the terrorist paranoia going in this country.

      I am a Moroccan national, and I have partically renounced travelling to the US after all the horror stories people I know have told me they have faced in US airports.

      Morocco is not really a democratic country (yet), but things are slowly evolving in the good way and nothing similar to Abu Ghraib or Guantanamo has happened lately in Morocco, since Tazmamart which was really horrible for those who have heard about it.
    • by bcuriel (858344) on Friday August 26 2005, @05:06PM (#13411715)
      I'm assuming you didn't read any of the articles above.

      The exploit was for a patch MICROSOFT HAD ALREADY RELEASED. They were merely taking advantage of the hole that Microsoft revealed by making the patch available.

      I fail to see how these guys deserve anything but the punishment they are getting.