September 25, 2006
FBI National Press Office
Presents Certificates for "Exceptional Service"
Employees for Their Role in the Mytob/Zotob Investigation
D.C. On behalf of FBI Director Robert S. Mueller
III, FBI Cyber Division Assistant Director James E. Finch
today presented certificates for "Exceptional Service
in the Public Interest" to nine Microsoft employees
for their assistance in the swift resolution of the 2005
Mytob/Zotob computer worm investigation.
Director Finch said, "The Microsoft employees played
a vital role in the investigation which ultimately led to
the capture of three individuals responsible for authoring
and controlling the Mytob/Zotob computer worm that adversely
affected more than 100 U.S. companies including national
of the individuals, Farid Essebar and Achraf Bahloul were
arrested in Morocco, the third, Atilla Ekici, was arrested
in Turkey. Essebar and Bahloul have since been convicted
and sentenced by a Moroccan court for conspiracy, theft,
using forged credit cards, and illegal access to computer
systems. Essebar was sentenced to two years and Bahloul
was sentenced to one year in prison. The charges against
Ekici are still pending with Turkish authorities.
certificates today were the following Microsoft employees:
Smith, Senior Vice President
Tim Cranton, Senior Director
Scott Stein, Senior Attorney
Steve Santorelli, Senior Manager, Investigations
Frank Swiderski, Security Software Engineer
Rob Vucic, Security Software Engineer
Simona Long, Investigator
Stirling McBride, Senior Manager, Investigations
Val Saengphaibul, Technical Analyst
Director Finch said, "What happened in this case is
a textbook example of the cooperation necessary in this
new era of globalization to be successful in addressing
computer intrusions and other computer-supported criminal
operations. In Microsoft, we have an excellent partner and
today we acknowledge them in this small way."
Smith, senior vice president and general counsel at Microsoft,
said, "Microsoft is honored that Assistant Director
Finch came to Redmond to recognize our employees who assisted
in the Zotob investigation. The result of that collaboration
is an excellent example of how the public and private sectors
can and should work together to fight cyber crime. Microsoft
will continue to support law enforcement worldwide to identify
and hold responsible those who engage in cyber crime."
on the investigation:
mid-August, 2005, the Internet worm named "ZOTOB"
was released and subsequently identified by anti-virus companies.
Similarities between ZOTOB and a previously known worm,
MYTOB, suggested the same authors had developed and were
August 22, 2005, one FBI team was deployed to Rabat, Morocco
and one FBI team was deployed to Ankara, Turkey. The teams
were made up of FBI investigators, FBI malicious code experts,
and computer forensic experts.
August 23 and 24, FBI teams in both countries briefed and
held meetings with U.S. Embassy officials and host country
law enforcement. These meetings were used to brief the search,
arrest, investigative, and technical details.
August 25, 2005, Turkish and Moroccan authorities executed
search and arrest warrants on two individuals responsible
for the creation of the W32.Zotob variant. Turkish authorities
arrested a 21-year old resident of Turkey named Atilla Ekici,
aka "Coder." Ekici traded stolen credit cards
for the use of the Mytob and Zotob worms. Moroccan authorities
arrested 18-year old Farid Essebar, aka "Diabl0",
who wrote the W32.Zotob worm for financial motives. Shortly
after, Essebar's friend, Achraf Bahloul was also arrested
by Moroccan authorities.
| Press Releases | FBI
Home Page |