Zeroing In on Mytob-Zotob Crime Ring
Just days after announcing arrests of two men suspected of authoring and releasing the Zotob and Mytob worms, authorities in Turkey say they have identified a dozen or more other people who may be connected with the release of the worms and may have used them for profiteering.
Speaking at the High-Tech Crime Investigation Association's annual conference in Monterey, Calif., yesterday, Louis Reigel III, assistant director of the FBI's Cyber Division, said Turkish police and intelligence officials told him they had promising leads on 10 to 15 other individuals who may have been connected with the worms.
That information, first reported by Internetnews.com, lends even more credence to the working theory that these two guys were a key piece in a much larger money-making conspiracy. Last week, Moroccan and Turkish authorities said they had evidence suggesting the two arrested men were feeding financial information stolen from computers infected by their worms to an organized credit-card fraud ring.
I spoke with Reigel briefly this afternoon by telephone, and he stressed that while there had been no additional arrests, the U.S. and international investigation is ongoing. Reigel said the new suspects appear to have links to the Turkish man arrested last Thursday, identified by authorities as 21-year-old Atilla Ekici, a.k.a. "Coder." The second man arrested, an 18-year-old Moroccan named Farid Essebar -- a.k.a. "Diabl0" -- is accused of accepting money from Ekici to develop the worms.
Reigel said Turkish investigators have informed his office that none of the new suspects are thought to be involved in writing the worm, though he said he could not describe the exact nature of their involvement with Ekici.
"Our indication is that these guys are not just involved in hacking, but in a range of other cyber crimes also," Reigel said.
There is an increasing body of evidence that Ekici also was installing malware, according to security officials. Yesterday, I spoke with a security administrator for the University of Pennsylvania, who shared with Security Fix snippets of an online conversation he said he had with Diabl0 that indicates the arrested man also was installing spyware and adware on computers infected by the worms.
In related news, Finnish anti-virus maker F-Secure Corp. presents some interesting background on this Diabl0 character in its blog.