RSS'Zotob' Worm Makes Windows Rounds
By Nate Mook | Published August 15, 2005, 12:22 PM
A new worm has been detected spreading on unpatched Windows systems faster than previous worms, but reported infections have remained low for the moment. Dubbed "Zotob" by antivirus vendor Trend Micro, the worm takes advantage of a critical security hole in Windows that was patched last week.
On Friday, Microsoft acknowledged that exploit code had surfaced for at least two of the three vulnerabilities recently announced. The company said it was "disappointed that certain security researchers have breached the commonly accepted industry practice of withholding vulnerability data so close to update release and have published exploit code."
Zotob works by copying itself into the Windows System folder as either BOTZOR.EXE or CSM.EXE, and modifies a user's "hosts" file to prevent access to antivirus Web sites. The worm initiates an FTP server on port 3333 and scans IP addresses using port 445 for other vulnerable systems.
"Hundreds of infection reports were sighted in the United States and Germany," Trend Micro officials said in a statement.
Aside from propagating itself, however, Zotob also has built in backdoor capabilities. The worm connects to an Internet Relay Chat channel and awaits remote instructions from a malicious user. Due to such actions, Trend Micro has rated Zotob's damage potential as "high."
Trend recommends that Windows users ensure they have installed the latest patches from Microsoft and run an up-to-date antivirus utility.
"Now anyone that doesn't have a legit copy of Windows was unable to patch"
Can you imagine Microsoft doing THAT ?
It's like not mailing your vehicle insurance card to someone who stole your car !
The Computer Rodent
Score: 0
|You know what, the worm only works on Windows 2000 systems. It says so here: http://www.microsoft.com...ity/incident/zotob.mspx
So don't judge and do the normal "I hate Microsoft" crap you people do.
BTW, you shouldnt hav a pirated version of windows anyways.
Score: 0
|That's only for variant A. Variants B & C infect XP systems also. Previous versions of Windows seem to be unaffected.
Score: 0
|A majority of MS exploits are discovered by Security Researchers, most of them notify MS of the exploit and do not publish until MS releases the patch(s).
The reason a worm was created on this one, is due to the wonderful Windows Genuine Advantage. Now anyone that doesn't have a legit copy of Windows was unable to patch, even those people that didn't want to install that program. It's almost like this worm helps MS. Windows Genuine Advantage force released, few days later Windows patches for numerous exploits, few days later worm is released. Only people worried are the pirates! haha.
Yes, they say as long as you have Windows set to Automatically Update on its own, you'll have no problem. However, when I tested that process, I was still with no updates.
So, lesson to all here:
MS: Learn to test your software, QA, maybe you'll catch some of these exploits..considering you have the source code.
Users: If you don't have a legit copy of Windows, time to go buy one, Battlefield 2 will have to wait.
If we all work together, we can accomplish....nothing in this case, but it sounded nice!
::Start By mjm01010101 ::
posted Aug 15, 2005 - 3:15 PM
People don't read much anymore. Whether or not you have a legit copy of windows, you'll get the patches if you have automatic updates turned on. this is, has, and always will be Microsoft's policy for Windows XP.
:: End ::
::my response:: Mcfly, did you not read my entire post? lol. People don't read do they. I set mine to automatic updates tuesdays @ 4pm. Now when I got home, no updates have been applied, so I switched to 1am everyday, wednesday morning, no updates applied...By this time that exploit was released. So given the policy, is there a time delay on how long it takes to release thru automatic updates? Also, I recall they had an issue this time around... My advise to you, read a little more. So by saturday morning, your too late.
Score: 0
|People don't read much anymore. Whether or not you have a legit copy of windows, you'll get the patches if you have automatic updates turned on. this is, has, and always will be Microsoft's policy for Windows XP.
Score: 0
|Any copy of Windows will still be able to get critical updates. WGA only applies to special bonus software it has nothing to do with critical updates. Find out more about WGA before you blame it.
My home computer got the critical updates 2 days after my work computer. I doubt that they send out critical updates to 100's of millions of computers simultaneously.
Score: 0
|WGA applies to all/any downloads from the "Windows Update" web site and Microsoft's download section. I have personal experience where I needed to 'validate' on both sections. Not sure about the "automatic updates."
Score: 0
|critical updates go through no matter what. MS learned their lesson from lovsan. They're almost force-feeding all of their critical updates now.
Score: 0
|Sadley my network has not patched since last tuesday. I warned our head network admin...of course my division of pc's are patched.
Score: 0
|=(((
Oh man. That's a bummer.
Score: 0
|Provided you don't have pnp exposed to the internet, you should be ok until the patches can be applied. The only really serious risk with that would be someone bringing it in on a laptop.
Score: 0
|With WSUS I didn't need to do a thing. I was out on vacation all last week and when I came back on Friday only servers needed confirmation of updating. By Saturday morning we were 100% patched, probably 10 minutes worth of effort.
Score: 0
|ewww... that sounds a lot like the lovsan virus. Hopefully people have learned their lessons and have patched their systems.
Score: 0
|They never do. Not the vast majority anyway.
Score: 0
|