Authorities in Morocco and Turkey have arrested two people thought responsible for a computer worm that infected networks at U.S. companies and government agencies...
WASHINGTON — Authorities in Morocco and Turkey have arrested two people thought responsible for a computer worm that infected networks at U.S. companies and government agencies earlier this month.
Farid Essebar, 18, was arrested in Morocco, while Atilla Ekici, 21, was arrested in Turkey on Thursday, Louis Riegel, the FBI’s assistant director for cyber crimes, said yesterday. They will be prosecuted in those countries, Riegel said.
Essebar wrote the code that attacked computers that run Microsoft operating systems and Ekici paid him for it, Riegel said. It’s unclear they ever met, “but they certainly knew each other via the Internet,” he said.
Riegel said he does not know how much money changed hands. Microsoft and FBI officials also declined to estimate the monetary damage done by the Zotob worm and its variations.
Most Read Stories
- Calling their bluff: A Seattle doctor pegs what the GOP health bill is really about | Danny Westneat
- Investigators’ task to find out why U.S. destroyer failed to dodge cargo ship
- Police investigate officer who shot Charleena Lyles after he left Taser in locker
- Mike Hopkins beats out former team to secure Hameir Wright for UW men's basketball
- Kent police fatally shoot man after car chase
The men are believed responsible for an earlier worm, Mytob, that first showed up in February, Riegel said.
The Zotob worm and its variations targeted computers that run Microsoft operating systems, with Windows 2000 users most seriously affected.
The worm disrupted computer operations earlier this month at several large news organizations, including The Associated Press, ABC, CNN, and The New York Times; such companies as heavy-equipment maker Caterpillar; and the federal Immigration and Customs Enforcement bureau.
Microsoft played a large role in locating the suspects, said Riegel and Microsoft general counsel Brad Smith.
The worm emerged just a week after the software giant had warned of a security flaw and released a “critical” patch for it, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature.
Protective patches, plus instructions for cleansing infected systems, are available on the company’s Web site.
Zotob and its variations can attack a computer without needing to open any software, so some users would be infected without knowing it.
Experts said the damage probably wouldn’t be substantial because most companies made the necessary software fixes quickly.
Windows 2000 also is more than five years old, and Microsoft has released several new versions of its operating system and security overhauls since then, further limiting the exposure.