Authorities have arrested 21-year old Atilla Ekici of Turkey and 18-year Morrocan Farid Essebar for creating and spreading the Zotob, Mytob and Rbot internet worms, the FBI has revealed.

The arrests were made on Thursday after an investigation by the FBI in close collaboration with Microsoft traced the code back to the two individuals.

"We were able to put the information together based on the work of our Internet Crime Investigation team working with the FBI, relying on electronic data to identify where this was coming from," said Microsoft general counsel Brad Smith.

He touted that the arrests were made only two weeks after the surfacing of the Zotob worm.

"This reflects that our entire industry is able to move much more quickly today than was the case two years ago."

The Moroccan who used the screen name "Diabl0" is believed to be the author of the initial worms and Ekici, AKA "Coder" paid him for the code, Louis Reigell of the FBI's Cyber Division said in a conference call. He couldn't say how much was paid for the worms.

It is common for worm authors to sell their creations.

The Zotob worm made headlines because it surfaced only days after Microsoft had published a security advisory about the vulnerability that the worm exploited. In the following days numerous variants of the worm surfaced.

The worm mainly affected systems running Windows 2000. Infected computers were recruited for botnets and would power down or reboot unexpectedly, which at one point crippled se veral large enterprises including American Express, DaimlerChrysler, United Parcel Service and Kraft Foods.

Mytob first started surfacing in March and the FBI back then started investigating the worm. The investigation became "very aggressive", said Reigell, in the weeks after the Zotob worm surfaced. It provided additional pointers to the worm's origin and lead to the arrests.

There are reasons to believe that others were involved in the case and both Reigell and Smith said that they expected that additional arrests be made.

The duo will be prosecuted locally. The two countries lack strong cyber crime legislation but could be charged for consumer fraud. The FBI will help the prosecution by providing evidence for their crimes.