News Stay informed about the latest enterprise technology news and product updates.

Zotob investigation leads to two arrests

Officials from Microsoft and the FBI say two men -- one from Turkey, the other from Morocco -- have been arrested in connection with last week's Plug and Play attacks.

Two men -- one from Turkey, the other from Morocco -- have been arrested in connection with last week's Plug and Play attacks, officials from Microsoft and the FBI said Friday afternoon.

The FBI announced the following arrests in a statement:

  • Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0."
  • Atilla Ekici, also known as "Coder," a 21-year-old resident of Turkey.

"With the help of Moroccan authorities, Ministry of Interior Turkish National Police, and valuable assistance from

More about last week's Plug and Play attacks

How "limited" malcode pulled off the year's biggest attack

Worms targeting Windows Plug and Play go global

Microsoft Corp., these individuals were arrested yesterday without incident," the FBI said. "Both individuals will be subject to local prosecutions."

In a conference call to the media Friday afternoon, FBI Cyber Division Assistant Director Louis M. Reigel III said, "This happened very quickly as a direct result of effective coordination and serves as a good example of what we can achieve when we work together."

"It's clearly noteworthy we were all able to see such fast action through multiple countries and jurisdictions," Microsoft Senior Vice President and General Counsel Brad Smith said during the call. "This public-private collaboration is a model for future successes in addressing these kinds of problems."

Reigel and Smith said the investigation is ongoing and that it's too early to discuss possible motives for last week's attack, in which multiple variants of Zotob and other worms targeted the Plug and Play flaw in Windows 2000. Microsoft released a patch for the vulnerability Aug. 9. Corporate networks around the world suffered most from the attacks, including news organizations like CNN, ABC and The New York Times.

Smith said Microsoft's Internet Crime Investigations Team supported the investigation with law enforcement immediately following the worms' release. Microsoft provided technical information and analytical support to the FBI, which then shared the intelligence with Moroccan and Turkish authorities.

Reigel said at this point it appears both men were working together. "We're not sure if they were working face to face, but there are indications they worked together on the Internet," he said, adding that the Turkish man was not initially involved in writing code for Zotob. He also said extradition of both men to the United States is unlikely at this point. "Both countries [Morocco and Turkey] are going to charge those individuals," he said. "The FBI will provide as much evidence as needed for them to be prosecuted in their own countries."

Dig Deeper on Information security laws, investigations and ethics

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.