Cooperating with the US-based FBI, Moroccan authorities have arrested Farid Essebar (alias "Diabl0") aged 18 and Turkish authorities have arrested Atilla Ekici (alias "Coder") aged 21. The suspects allegedly used the information stolen from infected computers for bankcard forgery.
Graham Cluely of Sophos praised the speed of investigation, "Astonishingly the time between virus outbreak and arrest is less than two weeks. The authorities were able to investigate quickly and co-ordinate internationally to affect arrests in Morocco and Turkey." Experts at Sophos and F-Secure have linked the “Diabl0” nickname to many other viruses.
The FBI and Turkish Authorities have since identified 16 more suspects, although they have not yet been arrested.
Microsoft provided technical expertise in tracing and identifying the suspects. Brad Smith of Microsoft explained, "From the worm's real-time attack, (the investigators) could derive technical information about what was going on." This is a in contrast to the Sasser case, where Sven Jaschan was turned in by “friends” for a reward.