More Zotob arrests could be made after Turkish officials told the FBI they have identified a further 16 suspects.
Louis Reigel, assistant director of the FBI's cyber division revealed investigations were continuing at the High-Tech Crime Investigation Association's annual conference in California after the arrest of two suspects last week.
"As the authorities investigate more deeply into this case they are likely to uncover traces of communication and connections between different internet criminals," said Graham Cluley, senior technology consultant at antivirus company Sophos. "The arrests of two people last week could lead to the break-up of a much larger internet gang."
According to Sophos the two suspected virus writers arrested in Morocco and Turkey could be responsible for 20 other viruses, operating as part of a large virus writing group. Russian-born 18-year-old Farid Essebar used the handle "Diab10" which has appeared within the code of many viruses within the last year, including the widely propagated Mytob worm.
"To the untrained eye the Mytob and Zotob worms can appear quite different: one group of viruses travels via email, the other primarily by exploiting a Microsoft security hole," said Cluley. "It appears that whoever wrote Zotob had access to the Mytob source code, ripped out the email-spreading section, and plugged in the Microsoft exploit."