WASHINGTON – Authorities in Morocco and Turkey have arrested two people believed to be responsible for unleashing a computer worm that infected networks at U.S. companies and government agencies earlier this month, the FBI said Friday.
Farid Essebar, 18, was arrested in Morocco, while Atilla Ekici, 21, was arrested in Turkey on Thursday, the FBI said. They will be prosecuted in those countries, the FBI said.
The Zotob worm (search) and its variations targeted computers that run Microsoft Corp. (MSFT) operating systems, with Windows 2000 (search) users most seriously affected.
The worm disrupted computer operations in mid-August at several large news organizations, including The Associated Press, ABC, CNN, and The New York Times, such companies as heavy-equipment maker Caterpillar Inc. and the federal Immigration and Customs Enforcement (search) bureau.
Microsoft played a role in locating the suspects, the FBI said.
The worm emerged just a week after the software giant had warned of a security flaw and released a "critical" patch for it, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system's "Plug and Play" hardware detection feature.
Protective patches, plus instructions for cleansing infected systems, are available on the company's Web site.
Zotob and its variations can attack a computer without needing to open any software, so some users would be infected without knowing it.
But experts said the damage probably wouldn't be substantial because most companies made the necessary software fixes quickly.
Windows 2000 also is more than five years old, and Microsoft has released several new versions of its operating system and security overhauls since then, further limiting the exposure.