The Financial Times published a message on its
website about the worm to its readers.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
news reports that authorities in Morocco and Turkey have arrested
two men in connection with computer worm attacks that hit
organizations such as CNN, ABC Television, The New York Times and
the Financial Times last week.
According to media reports, the FBI has confirmed that police
arrested 18-year-old Farid Essebar, a resident of Morocco born in
Russia, and 21-year-old Atilla Ekici in Turkey on Thursday. The men
are said to have gone
by the handles "Diabl0" and "Coder", which are mentioned in the
code of W32/Zotob-A.
The Zotob worms and related variants hit computers running
Windows 2000 at a number of high-profile companies by
exploiting a security loophole in Microsoft's software.
"It appears that the computer crime authorities have moved very
quickly in this case, and it will be interesting to see how the
case progresses," said Graham Cluley, senior
technology consultant for Sophos. "Because these men will be
prosecuted in their countries of origin, rather than necessarily in
the countries where businesses were hit, many will be interested to
see how the investigations and cases brought against these men
compare with incidents in other parts of the world."
Since the first Zotob worm emerged on 14 August, a series of
variants and other malware have taken advantage of a critical
security hole in Microsoft's software: the MS05-039 Plug and Play vulnerability.
"Astonishingly the time between virus outbreak and arrest is
less than two weeks. The authorities were able to investigate
quickly and co-ordinate internationally to effect arrests in
Morocco and Turkey," continued Cluley. "Unfortunately, since the
Microsoft security hole became public knowledge it has become a
standard part of many virus writers' armory to include exploitation
of the flaw into their malicious code. All companies need to defend
themselves with security patches, up-to-date anti-virus software
and firewalls for the highest level of protection."
Sophos continues to recommend that companies protect all tiers
of their organization - their desktops, servers and email gateways
- with automatically updated anti-virus
software to reduce the risk of infection.