Zotob Worm Slams News Networks

By Nate Mook | Published August 17, 2005, 11:44 AM

Although overall global infection rates remain low compared to viruses such as Sober, Windows 2000 systems at several news networks were hit hard by the Zotob worm on Tuesday, prompting CNN to break into regular programming to announce its computers were under attack and constantly rebooting.

Machines at the New York Times, ABC and a number of other organizations were also infected by Zotob, which copies itself into the Windows System folder and modifies a user's "hosts" file to prevent access to antivirus Web sites. The worm initiates an FTP server on port 3333 and scans IP addresses using port 445 for other vulnerable systems.
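The three behaviours described above (hosts-file tampering, a listener on port 3333, and scanning on port 445) can each be checked for from the defender's side. The sketch below is an added example, not part of the original article: the watchlist domains, the connection-row format and the scan threshold are assumptions, and all sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed watchlist: the article does not name the blocked antivirus sites.
AV_SUFFIXES = ("av-vendor.example", "updates.example")
FTP_PORT, SMB_PORT = 3333, 445   # ports named in the article
SCAN_THRESHOLD = 5               # assumed: distinct port-445 targets before flagging

# Constructed sample inputs (not taken from a real infection).
HOSTS_SAMPLE = """127.0.0.1 localhost
127.0.0.1 www.av-vendor.example  # constructed entry
0.0.0.0 liveupdate.updates.example
10.0.0.5 fileserver.corp.example
"""
CONNS = [("10.1.1.20", 3333, None, None, "LISTEN")]
CONNS += [("10.1.1.20", 1025 + i, f"10.1.2.{i}", 445, "SYN_SENT") for i in range(1, 7)]
CONNS += [("10.1.1.30", 1040, "10.1.1.5", 445, "ESTABLISHED")]

def tampered_hosts(hosts_text):
    """Return (ip, name) pairs where a watched name is pinned to a loopback or 0.0.0.0 address."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            if any(n == s or n.endswith("." + s) for s in AV_SUFFIXES):
                hits.append((fields[0], n))
    return hits

def suspicious_hosts(conn_rows):
    """conn_rows: (host, local_port, remote_ip, remote_port, state) tuples (assumed format)."""
    listeners, targets = set(), defaultdict(set)
    for host, lport, rip, rport, state in conn_rows:
        if state == "LISTEN" and lport == FTP_PORT:
            listeners.add(host)
        elif rport == SMB_PORT and state in ("SYN_SENT", "ESTABLISHED"):
            targets[host].add(rip)
    scanners = {h for h, t in targets.items() if len(t) >= SCAN_THRESHOLD}
    return {"ftp_3333": listeners, "smb_scan": scanners, "both": listeners & scanners}
```

A host that appears in `both` shows the listener and the scanning pattern together; a single port-445 connection to a file server, as on the second constructed host, is not flagged.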

The critical vulnerability in Windows 2000 that opens the door for Zotob was actually patched by Microsoft last week, but system administrators claim they did not have enough time to roll out the update.

Microsoft on Friday chided security researchers for breaching "the commonly accepted industry practice of withholding vulnerability data so close to update release and have published exploit code."

Although Zotob itself does not have a destructive payload, variants of the worm are reported to cause computer shutdowns. The worms also include backdoor capabilities, which connect the infected computer to an Internet Relay Chat channel to await remote instructions from a malicious user.

"Around 5 p.m. problems began at CNN facilities in New York and Atlanta before being cleared up about 90 minutes later," the news organization said. Although most corporate networks are protected from outsiders, it is believed internal users were to blame for the problems by connecting already infected laptops.

Microsoft responded by downplaying the severity of the worm, calling it a "low threat for customers."

"News reports had indicated that there was potentially a new worm. We are not aware at this time of a new attack; instead our analysis has revealed that the reported worms are different variations of the existing attack called Zotob," Microsoft said in a statement.

"Zotob has thus far had a low rate of infection. Zotob only targets Windows 2000. Customers running other versions such as Windows XP, or customers who have applied the MS05-039 update to Windows 2000 are not impacted by this attack."

Comments

Windows 2000 is an excellent operating system, but poor users and administrators at these Media Companies obviously have no clue what they are doing.

When those security updates were released they were downloaded and installed to about 40 or so Windows 2000 servers around our office. Only using terminal services to administrate that, which I consider to be the slowest approach.

How can multi-million dollar corporations with expensive tech support and on-site admins miss those updates??

Score: 0


Microsoft responded by downplaying the severity of the worm, calling it a "low threat for customers."

WTF is this BS... Microsoft says that about every bug, glitch, & security hole people find... (Anyone remember how easy it was to steal files back in Windows 95A?) I'm so sick of being the guy handing out bills because I had to go fix a computer network for a business where they just don't know what to do themselves. Honestly Microsoft should be the bas****s paying the repair bills for a lot of companies.

www.borderrock.com
106.1 The Goat

Score: 0


That's probably a Microsoft "time to upgrade" notice.

Score: 0


"Machines at the New York Times, ABC and a number of other organizations were also infected by Zotob"

Man... that sounds like a virus I would write =p

Power to Zotob!!!

Score: 0


Good thing where I work, we use Linux. Wake up!!

Score: 0


And don't you forget that where you work, you use Linux, and have people that know what they're doing managing your systems.

Score: 0


Anyone smart enough to run Linux could make a worm eat itself.

Score: 0


CNN, ABC, The New York Times? ..and we're supposed to trust these people with the news.

Score: 0


That'll teach 'em. So there!

Score: 0


Are they trying to get win2k users to take a hint?

Score: 0
