Aug 16th, 2005, 7:57 pm
Attention Microsoft Users --
As of late Tuesday afternoon Chicago time, major news networks are reporting being affected by a new bug called Zotob. It affects Microsoft systems, as described in Microsoft Bulletin MS05-039, a document that was released earlier this month. CERT sources say that they have seen several variants of the Zobot [sic] worm. The worm is reported to scan for vulnerable systems on port 445.
Port 445 is part of the protocols that Microsoft uses for directory services.
Interestingly enough, as I am typing this to you, Microsoft has not made any publications on its main website about the situation, nor has it provided a "protect yourself now" link.
People are encouraged to do the following:
* Close port 445 on your firewall.
* Update your computer to the latest set of Microsoft fixes using Windows Update. Install those updates, and REBOOT your computer.
* Update your Antivirus technologies
* Check your computer to see if you have an FTP server running on TCP port 1117
According to Symantec's website, the worm affects all flavors of Windows out there, except for Windows 3.1. It will also affect Windows Servers.
As for me, I will be watching this play out from the comfort of my Macintosh.
Christian
- kc0arf
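The two port checks from the list above, written as an added example that is not part of the original post: it parses Windows `netstat -ano` output and reports listeners on TCP 445 and TCP 1117. The function name, the `WATCH` table and the sample output are assumptions constructed for illustration.

```python
import re

# Ports named in the post: 445 is the port the worm is reported to scan,
# 1117 is where the post says to look for an unexpected FTP server.
WATCH = {445: "port the worm scans for", 1117: "FTP server port named in the post"}

# One TCP listener row of `netstat -ano` output (IPv4 or bracketed IPv6).
ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\[[0-9a-fA-F:%]+\]|[\d.]+):(?P<port>\d+)\s+\S+\s+"
    r"LISTENING\s+(?P<pid>\d+)\s*$"
)
LOOPBACK = ("127.", "[::1]")


def find_watched_listeners(netstat_text, watch=WATCH):
    """Return one dict per listening TCP socket on a watched port."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, non-listening connections
        port = int(m.group("port"))
        if port not in watch:
            continue
        addr = m.group("addr")
        findings.append({
            "port": port,
            "address": addr,
            "pid": int(m.group("pid")),  # look this PID up in Task Manager
            # A socket bound only to loopback is not reachable from the network.
            "network_reachable": not addr.startswith(LOOPBACK),
            "why": watch[port],
        })
    return findings


# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1117           0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:1031      192.168.1.1:445        ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

if __name__ == "__main__":
    for finding in find_watched_listeners(SAMPLE):
        print(finding)
```

A listener on 445 is expected on a Windows machine that shares files, so that finding tells you the port must be blocked at the firewall; a listener on 1117 that you did not set up is the one to investigate by its PID.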
Comments (Newest First)
benna | Newbie Poster | Aug 17th, 2005
Proacted isn't a word.
jwenting | duckman | Aug 17th, 2005
And so the reason Microsoft has not reacted is because they proacted by releasing an update that closes this hole they themselves reported at the time they reported it.
If people choose to neglect their security updates (for whatever software they use, not just Windows but your precious MacOS as well) they put themselves at risk and have no one but themselves to blame if they get compromised.
Danny | The Press Release Guy | Aug 16th, 2005
Christian -- Firstly, it's not a virus, it's a worm. CNN called it both, but just to be official, it's a worm. Worm worm worm.
I have updated my blog title to reflect the content better. The fact is, this vulnerability is not present in all versions of Windows. It's only W2K and out-of-date versions of XP.
The rest of us are fine. And in fact, Microsoft has responded. You should have looked harder. The official MSRC blog has info: http://blogs.technet.com/msrc/archive/2005/08/15/409169.aspx
My computer (XP Pro with SP2) was never at risk. Since most users with XP use automatic Windows updates, they probably will be fine too. W2K is not a very common OS anymore.
As per your Mac: Don't even go there. Macs are a much smaller market share than PCs, so there's much less of an incentive to create malicious software for them. It's common sense.
kc0arf | Posting Virtuoso | Aug 16th, 2005
Toulinwoek | Junior Poster | Aug 16th, 2005
Also, and I say this not to lull anyone into a false sense of security, but this VIRUS (a "bug" is a software mistake; this mess is intentional mischief) right now is primarily targeting Windows 2000-based machines. But again, don't leave yourself unprotected just because you have another version.
I'm watching all this in comfort myself; from the comfort of common sense.
cscgal | The Queen of DaniWeb | Aug 16th, 2005
Is it just me or is this related to Danny's CNN blog entry?
http://www.daniweb.com/blogs/entry313.html
Gahh, benna posted at the same time as me!
benna | Newbie Poster | Aug 16th, 2005
It seems unclear whether the worm infecting CNN and others is Rbot or Zotob. Someone from Trend Micro was on CNN earlier saying it was probably Rbot, but CNN was saying Zotob before that.
It seems to me though that these news organizations are making a big deal out of an ordinary worm simply because they have been infected. The internet traffic report has remained steady throughout the afternoon, indicating that the worm is not widespread enough to have any significant effect on the internet.
SANS has an interesting hypothesis that NYTimes, ABC, and CNN were all at the same event at some point recently and had their laptops on the same network, and that in this way the worm got past the firewalls of the news organizations and on to their networks. This seems likely to me. I have seen no indication thus far in my router log that this worm has tried to spread to my network.
Featured Entry
This is not related to Danny's entry. He was talking about the social aspects, and didn't offer any technical information on it. He also titled his posting on CNN, and anyone who doesn't give a damn about CNN probably won't read it. Mine is titled to the point.
I also see Windows as being Buggy software. It is a virus. But Windows is buggy software.
I am going to check my traffic graphs later this evening to see if the noise floor has grown or not.
Christian