New Worms: Zotob
A new network worm is on the loose, this one affecting Microsoft Windows 2000 systems specifically. The vulnerability exploited by the worm, MS05-039: "Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege", was disclosed less than a week ago during Microsoft's August "Patch Tuesday". Exploit code was released later in the week.
At least two variants are now found in the wild, Zotob.A and Zotob.B. The B variant is only slightly different than the A strain, which scans for vulnerable hosts, transfers the worm executable to the victim, and uses an IRC server to control the growing botnet. Some links for more information:
- What You Should Know About Zotob. Published by Microsoft on August 14, 2005.
- Zotob.A writeup from Trend Micro.
- Zotob.B writeup from Trend Micro.
- Symantec's writeup for Zotob.A
- Zotob.B writeup from Symantec.
- Zotob.A description from F-Secure.
- MS Security Response Center Blog writeup on Zotob
Read up and make sure that you're protected.
August 15, 2005 in malware, microsoft, new worms, Zotob
Comments
this is an example of rage against time. how long you wait b4 worm appear :)
Posted by: khilmi | Aug 17, 2005 9:02:39 AM
Stop me if you've heard this before, but...
Why did people think that Windows 2000 (or currently, Windows XP) would not see a horrible worm like this sooner, rather than later? Doesn't this sort of thing mean "shift to a POSIX-compliant system now"? If not Linux, what about FreeBSD, or NetBSD or OpenBSD or QNX? Once you re-write to a POSIX-compliant base (or use autoconf/automake or write in Python, or ...) it's easy to jump to a platform that doesn't have plagues of worms and viruses following it around.
What about having a varied infrastructure? Despite all the Wagg-Ed propaganda that responded to Dan Geer's monoculture report, the idea has some merit, eh? Maybe your POS machines get hit, but the ticket scanners and the cast-dispatch systems don't go down.
Windows - too complicated to secure?
Posted by: Bruce Ediger | Aug 18, 2005 2:13:49 PM