Turk, Moroccan nabbed in huge worm case
CNN is reporting that there has been a pair of arrests in the investigation into the Zotob and Mytob worm cases. The report says that a 21-year-old resident of Turkey and an 18-year-old Moroccan were arrested in their home countries in an international investigation.

Farid Essebar, a Moroccan who used the screen name "Diabl0," and Attilla Ekici of Turkey, who used the moniker "Coder," were arrested in their home countries by authorities who cooperated with U.S. investigators in tracking the origins of the Mytob worm and its damaging variant, Zotob.

Source: Turk, Moroccan nabbed in huge worm case, August 26, 2005.

FBI officials said the two men are expected to be prosecuted by the governments of their home countries.
Microsoft has a comment in a press release, as well, on the arrest. They reportedly participated in the investigation:
“We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged authors and distributors of the Zotob and Mytob worms so quickly,” [Brad] Smith said. “This arrest demonstrates the value of public-private collaboration — the first-class investigative work by the authorities and round-the-clock technical and investigative support provided by our Internet Crime Investigations Team here at Microsoft. The results show clearly that cybercriminals will be identified, apprehended and held accountable for their actions.”

Source: Microsoft Commends Turkish and Moroccan Authorities and the FBI on the Arrest of the Alleged Authors of the Recent Zotob and Mytob Worms, Microsoft Press Release, August 26, 2005.

eWeek has a story on Microsoft's response to the Zotob worm and to the obviously wormable vulnerability addressed in MS05-039, released on the August 2005 Patch Tuesday:
"This is something we had created an entire process around and we were much better prepared this time," he said. "Our process is working, and it's working very well."

Source: Inside Microsoft's Zotob Situation Room, by Ryan Naraine for eWeek, posted August 26, 2005.

That process, Toulouse explained, started long before Patch Tuesday. "Whenever we're dealing with critical updates, one of the things we do is really look very hard at the attack vectors. What are the ways people will try to exploit this? How easy is it to create and unleash a worm? We attack the flaw just like the attacker would, and we knew up front that this one would be trouble.
"We had three critical bulletins in August but, in the case of the Plug and Play vulnerability, we knew there was a remote, unauthenticated attack vector affecting Windows 2000. Whenever there's a remote, unauthenticated attack vector, it sends up major red flags," Toulouse said.
August 26, 2005 in government, Zotob