Buggy Code Halts Spread of Zotob

In the end, the much-feared Zotob worm became more of a localized nuisance than a widespread problem due to the design of the code itself. Mistakes by the coders of the worm in variants caused infected machines to reboot continuously, not giving most machines enough time to spread the worm to other vulnerable PCs.

The flaws gave IT personnel time to fight Zotob with patches provided by Microsoft, helping to prevent its spread. Thus, the overall damage caused by the worm was minimal.

However, even with the flaws in Zotob code, it managed to hit several prominent media outlets. The worm affected the Associated Press, The New York Times, ABC, and CNN - even causing CNN to break into regular news coverage to show newsroom computers rebooting continuously.

Although Zotob itself does not have a destructive payload, it includes backdoor capabilities, which connect the infected computer to an Internet Relay Chat channel to await remote instructions from a malicious user.

The critical vulnerability in Windows 2000 that opens the door for Zotob was actually patched by Microsoft last week, but system administrators claim they did not have enough time to roll out the update.

Microsoft last Friday chided security researchers for breaching "the commonly accepted industry practice of withholding vulnerability data so close to update release and have published exploit code."