Authorities in Morocco and Turkey have arrested two people believed responsible for a computer worm that infected networks at U.S. companies and government agencies earlier this month.
Farid Essebar, 18, was arrested in Morocco, while Atilla Ekici, 21, was arrested in Turkey on Thursday, Louis M. Riegel, the FBI’s assistant director for cyber crimes, said Friday. They will be prosecuted in those countries, Riegel said.
Essebar wrote the code that attacked computers that run Microsoft Corp. operating systems and Ekici paid him for it, Riegel said. It’s unclear whether they ever met, “but they certainly knew each other via the Internet,” he said.
Riegel said he does not know how much money changed hands. Microsoft and FBI officials also declined to estimate the monetary damage done by the Zotob worm and its variations.
(MSNBC is a Microsoft-NBC joint venture.)
The pair also is believed responsible for an earlier worm, Mytob, that first showed up in February, Riegel said.
The Zotob worm and its variations targeted computers that run Microsoft Corp. operating systems, with Windows 2000 users most seriously affected.
The worm disrupted computer operations in mid-August at several large news organizations, including The Associated Press, ABC, CNN, and The New York Times; such companies as heavy-equipment maker Caterpillar Inc.; and the federal Immigration and Customs Enforcement bureau.
Microsoft played a large role in locating the suspects, said Riegel and Microsoft general counsel Brad Smith.
The worm emerged just a week after the software giant had warned of a security flaw, which is most severe on Windows 2000 systems, and released a “critical” patch for it. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature.
Protective patches, plus instructions for cleansing infected systems, are available on the company’s Web site.
Zotob and its variations can attack a computer without the user needing to open any software, so some users would be infected without knowing it.
Experts said the damage probably wouldn’t be substantial because most companies made the necessary software fixes quickly.
Windows 2000 also is more than five years old, and Microsoft has released several new versions of its operating system and security overhauls since then, further limiting the exposure.