By Andy Sullivan
Authorities in Morocco and Turkey have arrested two men for unleashing computer worms that disrupted networks across the United States last week, the FBI said on Friday.
Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, are believed to have been responsible for the Zotob worm that hit the Internet less than two weeks ago, along with predecessors called Rbot and Mytob released earlier, the FBI said.
Zotob caused computer outages at more than 100 U.S. companies, including major media outlets like CNN and The New York Times, but it did not create widespread havoc along the lines of previous malicious software programs like SQL Slammer and MyDoom.
Close teamwork among the FBI, Microsoft Corp. and authorities in Morocco and Turkey was essential to the case, said FBI Cyber Division Assistant Director Louis Reigel.
"This case happened very quickly," Reigel said on a conference call. "Had we not had those entities involved in this investigation, I suspect it would still be ongoing today."
Reigel said Essebar wrote the malicious code and provided it to Ekici for a fee.
The two men will face prosecution in their native countries and FBI officials will provide evidence, he said.
Zotob targeted a recently discovered flaw in the Plug and Play feature of Microsoft's Windows 2000 operating system. Newer versions of the software were not affected.
Users who heeded a prior warning from Microsoft and updated their systems were not victimized by the worms, but those who did not keep their systems up to date could have their computers taken over by remote servers or see them shut down and start back up repeatedly.
Microsoft general counsel Brad Smith said the worms had a limited impact because more consumers were keeping their software up to date and using firewalls and anti-virus software.
The software industry was taking threats more seriously as well, he said.
Microsoft's team of 50 investigators was able to analyze the worms and find out where they were coming from, he said. The team began work on the case in March after the release of Mytob, but Zytob provided the evidence to track them down, he said.
"We have important work ahead of us to strengthen computer security but we've also come a long ways in a short time, and the fact that we were able to see these arrests in less than two weeks and see them halfway around the world really drives that point home," Smith said.
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at