30 Aug 2005
One of the two men arrested this weekend over the Zotob worm could have authored as many as 20 other viruses, according to security specialists Sophos.
Farid Essebar, 18, a Russian resident of Morocco, is believed to use the alias 'Diabl0', a name that appeared in the Zotob A worm code. Sophos has found a similar name in the code of 20 other viruses, including Mydoom-BG and many versions of the Mytob worm.
"To the untrained eye Mytob and Zotob can appear quite different: one group of viruses travels via email, the other primarily by exploiting a Microsoft security hole," said Graham Cluley, senior technology consultant at Sophos.
"However, when examined by an experienced virus analyst the similarities become clear. It appears that whoever wrote Zotob had access to the Mytob source code, ripped out the email-spreading section, and plugged in the Microsoft exploit."
Microsoft officials said that Zotob and Mytob have been less damaging than other network worms, in part because more customers are aware of the importance of keeping their devices safe by using firewalls, security updates and up-to-date antivirus software.
Brad Smith, senior vice president and general counsel at Microsoft, welcomed the announcement. "We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged authors and distributors of the Zotob and Mytob worms so quickly," he said.
Smith added that Microsoft's Internet Crime Investigations Team supported the investigation with law enforcement agencies immediately following the release of the worms.
Microsoft provided technical information and analytical support to the FBI on this case, which was then shared with Moroccan and Turkish authorities.
"This arrest demonstrates the value of public-private collaboration, the first-class investigative work by the authorities and round-the-clock technical and investigative support provided by our Internet Crime Investigations Team," said Smith.
"The results show clearly that cyber-criminals will be identified, apprehended and held accountable for their actions."