New Zotob Windows Worm Hits CNN, NY Times and ABC

Posted by Pile (6714 views) Add this story to MyYahoo Add this article to Submit article to Reddit Add story to Furl Add story to StumbleUpon [E-Mail link]

The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software last week, including one that could allow attackers to take complete control of a computer. However, the latest version of the virus seems to be targeting Windows 2000 servers, an old and bug-ridden Microsoft software that apparently many prominent companies are still using. It's hard to be sympathetic to these companies when they have many more resources than us small-timers who are completely immune to infection by these worms.

Users of Windows 2000 should be on guard, especially if they are not using a firewall, said Mikko Hypponen, director of antivirus research at software maker F-Secure. Zotob.A and Zotob.B scan the Internet for vulnerable systems using TCP port 445, a port typically blocked by a firewall, he said.

When a target system is found by Zotob, it installs a shell program on the computer that downloads the actual worm code, named Haha.exe, using FTP (File Transfer Protocol). The newly infected system then starts searching for new computers to compromise.

A second offshoot, Zotob.C, adds a mass-mailing capability, which means it can also spread by e-mail.

The worm itself doesn't have a destructive payload, but the first two versions do let the attacker commandeer the infected machine. "It leaves an open back door. It could download anything,"

Like other worms, this version infects a user's computer, and then connects to IRC channels to let people know the computer is ready for exploitation. We here at BSA feel this is the work of organized spammers, who still seem to feel immune from prosecution. Perhaps if everyone called their district attorney and demanded the feds take action against these people, this stuff would stop.


1 Article displayed.

Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.

Powered by Percleus (c) 2005-2047 - Content Management System

[Percleus 0.9.5] (c) 2005, PCS