Suspected Zotob authors arrested
Results 1 to 7 of 7

Thread: Suspected Zotob authors arrested

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    Suspected Zotob authors arrested

    Law enforcement officials have arrested two men suspected of unleashing of a pair of computer worms, including last week's Zotob, which hit servers at Holden, American Express, The New York Times and elsewhere.

    Farid Essebar, age 18, a Moroccan national born in Russia, was arrested in Morocco, and 21-year-old Atilla Ekici, a Turkish resident, was arrested in Turkey, Paul Bresson, a spokesman for the FBI, said on Friday. Both suspects were detained on Thursday and will be prosecuted in the countries in which they were arrested, Bresson said.

    Bresson said that Essebar, who went by the nickname "Diabl0," and Ekici, known as "Coder," are suspected of creating both the Mytob and Zotob worms.
    Read more @ ZDNet

    Do they ever make public how they catch these suspects?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Do they ever make public how they catch these suspects?
    I guess by offering large amounts of money to anyone that can provide a good tip or good clues and maybe the whereabouts of the makers.

    So in other words ... the makers brag ...someone that's tired of the braging calls the FBI , rats and gets payed big time when these makers are convicted.

    As someone said once ... It's the human factor !!

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    phishphreek80

    You know how the guys over at sans and dshield track traffic and what not, IMO I would say a combo of finding the starting location and then following the packet. No not the actual packet but the traffic.. Didn't this worm call home? I think it was scanning 1433 so wouldn't tracing traffic on that port - back to the source, be rather easy if you had the resources.

    Just rambling
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Here is a picture of one of our fine friends being hauled off to jail. He looks very happy...

    http://news.com.com/2300-7349_3-5843998-1.html
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    You would think though that is they can write intricate virii that you would work pretty hard to not getting yourself traced. I wonder how much the payout is for the stoolies that end up getting the authors caught?
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    Originally posted here by kr5kernel
    You would think though that is they can write intricate virii that you would work pretty hard to not getting yourself traced.
    Of course, but why? I write a bot to collect bank account info. I'm not so good at phishing, so I write my own little smtp engine and let the little thing replicate itself through address books around the world, editing host files and what not. My little virus now has to tell me what info it's gathered.

    Otherwise, my little bot just trashes your SAM or Reg and never lets me know how it's doing.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  7. #7
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    totally understood. And I guess thats why people at SAN are making the big box while the authors get arrested. he he.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •