New Zotob Windows Worm Hits CNN, NY Times and ABC
  Posted by Pile
The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software last week, including one that could allow attackers to take complete control of a computer. However, the latest version of the virus seems to be targeting servers running Windows 2000, old and bug-ridden Microsoft software that many prominent companies are apparently still using. It's hard to be sympathetic to these companies when they have many more resources than us small-timers who are completely immune to infection by these worms.

Users of Windows 2000 should be on guard, especially if they are not using a firewall, said Mikko Hypponen, director of antivirus research at software maker F-Secure. Zotob.A and Zotob.B scan the Internet for vulnerable systems using TCP port 445, a port typically blocked by a firewall, he said.
 
 When a target system is found by Zotob, it installs a shell program on the computer that downloads the actual worm code, named Haha.exe, using FTP (File Transfer Protocol). The newly infected system then starts searching for new computers to compromise.
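
A defender's view of the behaviour described above, as an added example that is not part of the original post: a host that makes an outbound FTP connection and then contacts many distinct machines on TCP port 445 in a short time matches the infect-then-scan pattern. The flow-record format, addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records, not real traffic. Assumed format:
# "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_FLOWS = """\
1000 10.0.0.7 10.0.0.20 445 tcp
1100 10.0.0.9 192.0.2.50 21 tcp
1130 10.0.0.9 10.0.1.1 445 tcp
1131 10.0.0.9 10.0.1.2 445 tcp
1132 10.0.0.9 10.0.1.3 445 tcp
1133 10.0.0.9 10.0.1.4 445 tcp
1134 10.0.0.9 10.0.1.5 445 tcp
2000 10.0.0.7 10.0.0.21 445 tcp
garbage line
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) for well-formed TCP records; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4].lower() != "tcp":
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_scanners(text, min_targets=5, window=60):
    """Flag sources reaching >= min_targets distinct hosts on TCP 445 within
    `window` seconds; note whether an outbound FTP connection came first."""
    smb, ftp = defaultdict(list), defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if port == 445:
            smb[src].append((ts, dst))
        elif port == 21:
            ftp[src].append(ts)
    suspects = {}
    for src, events in smb.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - start < window}
            if len(targets) >= min_targets:
                suspects[src] = {
                    "burst_start": start,
                    "targets": len(targets),
                    "ftp_before_burst": any(t <= start for t in ftp[src]),
                }
                break
    return suspects
```

In the sample, 10.0.0.7 talks to two file servers far apart in time and is not flagged, while 10.0.0.9 is flagged for five targets in five seconds after an FTP connection.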
 
 A second offshoot, Zotob.C, adds a mass-mailing capability, which means it can also spread by e-mail.
 
 The worm itself doesn't have a destructive payload, but the first two versions do let the attacker commandeer the infected machine. "It leaves an open back door. It could download anything,"
Like other worms, this version infects a user's computer, and then connects to IRC channels to let people know the computer is ready for exploitation. We here at BSA feel this is the work of organized spammers, who still seem to feel immune from prosecution. Perhaps if everyone called their district attorney and demanded the feds take action against these people, this stuff would stop.