Authorities have arrested an 18-year-old Moroccan man and a 21-year-old Turkish resident in connection with the Internet worm Zotob that crashed computer networks last week at major companies including The New York Times and credit card giant Visa.
Farid Essebar, a Moroccan national born in Russia, was arrested in Morocco, and Atilla Ekici was arrested in Turkey with the help of local law enforcement, said Louis M. Reigel III, assistant director of the FBI’s cyber division.
Both individuals will be subject to local prosecutions, the bureau said on Friday. FBI officials said Mr. Essebar wrote the code for the worm and paid Mr. Ekici to distribute it.
“There was a financial relationship between the two individuals though we don’t know if they were working for a larger organization,” said Mr. Reigel.
The arrests come less than two weeks after the Zotob worm first began exploiting a vulnerability in Microsoft’s Windows operating system. First detected on August 14, Zotob infected thousands of computers worldwide in its four-day run.
The two individuals arrested are also suspected of writing the Mytob and the Rbot worms. The Mytob worm was discovered in February of this year, while Rbot is a family of worms discovered in June 2004. Both try to gain backdoor entry into users’ computers to steal data and credit card details, or just to use the machines as spam relays.
‘Business Worm’
While past worms have mainly targeted home users, Zotob was particularly worrisome as it preyed on enterprises, possibly seeking corporate data and trade secrets (see Zotob Heralds ‘Business Worm’). It’s unclear what information, if any, was stolen.
The FBI and Microsoft declined to comment on the monetary damages caused by the Zotob worm or on whether the worm was actually released to steal data, saying the investigation was still in its early stages.
Mr. Essebar went by the screen moniker "Diablo," while Mr. Ekici was known as "Coder," the FBI said.
“We are not sure if the two individuals knew each other face to face, but they certainly had an Internet relationship,” said Mr. Reigel.
The two suspects are not, however, being held responsible for the many variants of the Zotob worm that eventually blazed through computer networks. More than 18 variants of the Zotob worm were detected in less than a week.
Authorities were on the trail of the suspects in late March, a month after the Mytob worm was released, but the investigation heated up in the last two weeks after the Zotob worm made its appearance, said Brad Smith, Microsoft’s general counsel.
The two suspects will be tried in their home countries. The United States has an extradition treaty with Turkey but does not have one with Morocco.
Weaker Cyber Crime Laws
Microsoft and the FBI said they will be happy to see the duo put on trial in their home countries, though cyber crime laws are hazy there and not as advanced as those of the U.S.
“Every country has some kind of consumer protection statute under which it is frequently possible to successfully prosecute suspects in cyber crime,” said Mr. Smith.
It is not clear what charges will be brought against the two suspects. The FBI said that it has not had a chance to look at the suspects’ charge sheets. The computers seized during the arrests and all other evidence will remain with the local authorities of the two countries, the FBI said.
Zotob began to spread four days after Microsoft released a note detailing a vulnerability in its plug-and-play feature for Windows 2000. It was an insidious worm, installing a backdoor entry into infected computers. And the worm spread quickly because many corporate users failed to download the vulnerability patch in time to prevent an outbreak in their networks (see Zotob Variant Hits Big Media).
“In today's world of sophisticated technology, cyber criminals need very few tools to carry out their crimes,” said Mr. Reigel. “With a few strokes on a keyboard and a click of a mouse, malicious computer code can instantly spread across computer networks all over the world causing significant damage and dollar loss.”
Microsoft’s Crime Busters
Microsoft, the biggest target of worm and virus attacks, has been aggressively working to catch worm and virus writers. The Redmond giant has a 50-member Internet Crime Investigation Team that has been working on security-related incidents.
“The reality is that for any company that has popularly used products, it is a fact of life that there will be individuals who would want to attack the products,” said Mr. Smith. “But with our efforts, we have shown that we are very focused on security and it is our highest priority.”
In November 2003, the company created a $5-million anti-virus reward fund as a bounty to track down authors of malicious code.
The first payout was in July of this year when the company rewarded two individuals who helped track the creator of the Sasser worm, Sven Jaschan. The informants were given a $250,000 reward to share (see Sasser Informants Get Reward).
In the Zotob case, Microsoft and the FBI said that they received no tip-offs that led to the arrests. The trail to the suspects had been developed by the investigation team that included the FBI and Microsoft.