Press Release

For Immediate Release
September 25, 2006

Washington D.C.
FBI National Press Office
(202) 324-3691

FBI Presents Certificates for "Exceptional Service" to Microsoft
Employees for Their Role in the Mytob/Zotob Investigation

Washington, D.C. — On behalf of FBI Director Robert S. Mueller III, FBI Cyber Division Assistant Director James E. Finch today presented certificates for "Exceptional Service in the Public Interest" to nine Microsoft employees for their assistance in the swift resolution of the 2005 Mytob/Zotob computer worm investigation.

Assistant Director Finch said, "The Microsoft employees played a vital role in the investigation which ultimately led to the capture of three individuals responsible for authoring and controlling the Mytob/Zotob computer worm that adversely affected more than 100 U.S. companies including national news organizations."

Two of the individuals, Farid Essebar and Achraf Bahloul were arrested in Morocco, the third, Atilla Ekici, was arrested in Turkey. Essebar and Bahloul have since been convicted and sentenced by a Moroccan court for conspiracy, theft, using forged credit cards, and illegal access to computer systems. Essebar was sentenced to two years and Bahloul was sentenced to one year in prison. The charges against Ekici are still pending with Turkish authorities.

Receiving certificates today were the following Microsoft employees:

Brad Smith, Senior Vice President
Tim Cranton, Senior Director
Scott Stein, Senior Attorney
Steve Santorelli, Senior Manager, Investigations
Frank Swiderski, Security Software Engineer
Rob Vucic, Security Software Engineer
Simona Long, Investigator
Stirling McBride, Senior Manager, Investigations
Val Saengphaibul, Technical Analyst

Assistant Director Finch said, "What happened in this case is a textbook example of the cooperation necessary in this new era of globalization to be successful in addressing computer intrusions and other computer-supported criminal operations. In Microsoft, we have an excellent partner and today we acknowledge them in this small way."

Brad Smith, senior vice president and general counsel at Microsoft, said, "Microsoft is honored that Assistant Director Finch came to Redmond to recognize our employees who assisted in the Zotob investigation. The result of that collaboration is an excellent example of how the public and private sectors can and should work together to fight cyber crime. Microsoft will continue to support law enforcement worldwide to identify and hold responsible those who engage in cyber crime."

Background on the investigation:

In mid-August, 2005, the Internet worm named "ZOTOB" was released and subsequently identified by anti-virus companies. Similarities between ZOTOB and a previously known worm, MYTOB, suggested the same authors had developed and were controlling both.

On August 22, 2005, one FBI team was deployed to Rabat, Morocco and one FBI team was deployed to Ankara, Turkey. The teams were made up of FBI investigators, FBI malicious code experts, and computer forensic experts.

On August 23 and 24, FBI teams in both countries briefed and held meetings with U.S. Embassy officials and host country law enforcement. These meetings were used to brief the search, arrest, investigative, and technical details.

On August 25, 2005, Turkish and Moroccan authorities executed search and arrest warrants on two individuals responsible for the creation of the W32.Zotob variant. Turkish authorities arrested a 21-year old resident of Turkey named Atilla Ekici, aka "Coder." Ekici traded stolen credit cards for the use of the Mytob and Zotob worms. Moroccan authorities arrested 18-year old Farid Essebar, aka "Diabl0", who wrote the W32.Zotob worm for financial motives. Shortly after, Essebar's friend, Achraf Bahloul was also arrested by Moroccan authorities.

| Press Releases | FBI Home Page |