, SecurityFocus 2005-08-26
Story continued from Page 1
"This case happened very quickly and was successful because of our international relationships and because of the support from Microsoft," FBI's Reigel said "If we didn't have that cooperation, the investigation would still likely be going on to today."
Microsoft provided most of the technical assistance in tracking down the two suspects. While the Zotob worm was a public relations hit for the software giant, the worm left behind clues for the company's investigators to follow, said Brad Smith, senior vice president and general counsel for Microsoft.
"From the worm's real-time attack, (the investigators) could derive technical information about what was going on," he said. "We used that to follow the electronic trail aback to the source. They were able to dissect the worm ... and by monitoring the worm, were able to discern where it was coming from."
While the FBI had a case opened up since the Mytob bot software first appeared in March, it was the spread of the Zotob worm in the past two weeks that lead back to the worm's programmer, the FBI's Reigel said.
The FBI have evidence that Ekici paid Essebar to create the original Mytob bot software and the Zotob worm based on that bot software, Reigel said. The agency did not yet know how much was paid for the programmer's efforts.
The arrests were not due to an informant nor was a reward offered through the Anti-virus Reward Program, said Microsoft's Smith. That program had a recent success with the conviction of 19-year-old Sven Jaschan, the German teenager whose friends turned in for the $250,000 bounty that Microsoft offered.
Virus and worm writers are likely becoming more careful about their identities, Smith said.
"People who brag to their friends give their friends various opportunities to turn them in," he said.
While the Moroccan and Turkish men were working together, they likely had not met face to face, the FBI's Reigel said.
The FBI is not currently seeking extradition of the two men, stating that they would be prosecuted locally. While Turkey has an extradition treaty with the United States, Morocco does not, Reigel stated.
This article was updated Friday afternoon to include statements made by the FBI and Microsoft during a joint press conference. The original article was posted at 11:30 a.m. PDT on Friday.