REDMOND, Wash. — Aug. 26, 2005 — Microsoft Corp. today commended Turkish and Moroccan law-enforcement authorities and the FBI for their prompt arrest of the individuals believed to be responsible for the creation and distribution of the recent Zotob and Mytob worms. Microsoft worked closely with law-enforcement agencies in the U.S. and overseas to provide investigative and technical support in the investigation.
On Thursday, Aug. 25, law-enforcement authorities in Morocco and Turkey arrested the individuals believed to be the authors and distributors of the worms, less than two weeks after the worms were unleashed.
Brad Smith, senior vice president and general counsel at Microsoft, said the company’s ongoing partnerships with global law-enforcement authorities help ensure that when malicious code such as Zotob and Mytob is released, that information is shared rapidly to help law enforcement identify and hold cybercriminals accountable for their actions and help protect customers.
“We congratulate the Turkish and Moroccan authorities and the FBI for finding and apprehending the alleged authors and distributors of the Zotob and Mytob worms so quickly,” Smith said. “This arrest demonstrates the value of public-private collaboration — the first-class investigative work by the authorities and round-the-clock technical and investigative support provided by our Internet Crime Investigations Team here at Microsoft. The results show clearly that cybercriminals will be identified, apprehended and held accountable for their actions.”
Microsoft’s Internet Crime Investigations Team supported the investigation with law enforcement immediately following the release of the two worms. Microsoft provided technical information and analytical support to the FBI on this case, which was then shared with Moroccan and Turkish authorities.
The most visible aspect of the Zotob worm is that it caused some computers running Windows® 2000, which did not have security update MS05-039 installed, to automatically restart. More important, the Zotob and Mytob worms infected unprotected computers, making it possible for them to be taken over or hijacked by an unauthorized person. Computers infected in this manner are commonly referred to as “bots” or “infected” or “zombie” computers. “Botnets” are groups of hijacked computers that all connect to a central control computer and await instructions, such as conducting a distributed denial of service attack, stealing personal information or sending spam.
Microsoft officials said the Zotob and Mytob worms have been less damaging than other network worms, in part because more customers have adopted a maintenance mindset to keep their devices safe, such as practicing good security behaviors, including using an Internet firewall, diligently installing security updates, using up-to-date anti-virus software, and using newer and more secure software.
Microsoft’s security and Internet safety efforts are focused in three primary areas. Technology investments improve the security of its products, improve the updating process, and provide new features and products that improve safety. Industry partnerships with business partners, customers, governments and law-enforcement agencies assist the development of policies and actions that can be enforced against cybercriminals. And prescriptive guidance and education provide broadly distributed, timely information to help customers make their systems more secure and protected from emerging threats.
About Microsoft
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.
