Attention Microsoft Users --

As of late Tuesday afternoon Chicago time, major news networks are reporting being affected by a new bug called Zotob. It affects Microsoft systems, as described in Microsoft Bulletin MS05-039, a document that was released earlier this month. CERT sources say that they have seen several variants of the Zobot [sic] worm. The worm is reported to scan for vulnerable systems on port 445.

Port 445 is part of the protocols that Microsoft uses for directory services.

Interestingly enough, as I am typing this to you, Microsoft has not made any publications on its main website about the situation, nor has it provided a "protect yourself now" link.

People are encouraged to do the following:

* Close port 445 on your firewall.
* Update your computer to the latest set of Microsoft fixes using Windows Update. Install those updates, and REBOOT your computer.
* Update your Antivirus technologies
* Check your computer to see if you have an FTP server running on TCP port 1117

According to Symantec's website, the worm affects all flavors of Windows out there, except for Windows 3.1. It will also affect Windows Servers.

As for me, I will be watching this play out from the comfort of my Macintosh.
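The post's checklist boils down to two things a user can verify on the box itself: is anything listening on TCP 1117, and is SMB on TCP 445 reachable from the network (which is why the post says to block it at the firewall). The script below is an added example for this thread, not code from the original post or from Microsoft, CERT or Symantec; it parses the output of the Windows `netstat -an` command, and the two netstat dumps embedded in it are constructed samples, not captures from a real machine.

```python
"""Check a Windows host for the two indicators the post lists: an unexpected
FTP listener on TCP 1117 and SMB (TCP 445) bound to a network-reachable address.
Added example for this thread, not the post's own code. The netstat dumps
below are constructed samples, not captures from a real machine."""
import re
import subprocess
import sys

# Matches listener rows from Windows "netstat -an", e.g.
#   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
# Linux/macOS netstat prints a different layout ("tcp ... LISTEN"), so this
# parser is deliberately Windows-only, matching the post's audience.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

# Constructed sample: SMB open on all interfaces plus the 1117 listener.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1117           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.20:3172      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample: no 1117 listener, and 445 bound only to loopback
# (a real Windows box binds 445 on every address, hence the firewall advice).
CLEAN_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
"""


def listening_ports(netstat_lines):
    """Map each listening TCP port to the set of local addresses it is bound on."""
    ports = {}
    for line in netstat_lines:
        m = LISTEN_RE.match(line)
        if m:
            ports.setdefault(int(m.group(2)), set()).add(m.group(1))
    return ports


def is_loopback(addr):
    """True for 127.x.x.x and the IPv6 loopback as netstat prints them."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def check_indicators(netstat_lines, ftp_port=1117, smb_port=445):
    """Return (severity, port, note) findings; an empty list means neither indicator."""
    ports = listening_ports(netstat_lines)
    findings = []
    if ftp_port in ports:
        findings.append(("suspicious", ftp_port,
                         "unexpected TCP listener; the post says to look for an FTP server here"))
    exposed = sorted(a for a in ports.get(smb_port, ()) if not is_loopback(a))
    if exposed:
        findings.append(("exposed", smb_port,
                         "SMB bound on %s; block this port at the firewall" % ", ".join(exposed)))
    return findings


def check_this_host():
    """Run netstat on the local (Windows) machine and check its output."""
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    return check_indicators(out.splitlines())


if __name__ == "__main__":
    # Usage: python zotob_check.py            (checks this host)
    #        python zotob_check.py netstat.txt (checks a saved "netstat -an" dump)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            findings = check_indicators(f.read().splitlines())
    else:
        findings = check_this_host()
    for severity, port, note in findings:
        print(f"[{severity}] tcp/{port}: {note}")
    print("no indicators found" if not findings else f"{len(findings)} finding(s)")
```

A listener on 445 is normal on Windows, so the script reports it as "exposed" rather than as an infection; only the 1117 listener is treated as suspicious, and even that is a hint to investigate the owning process, not proof of the worm.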



All 7 Replies

It seems unclear whether the worm infecting CNN and others is Rbot or Zotob. Someone from Trend Micro was on CNN earlier saying it was probably Rbot, but CNN was saying Zotob before that.

It seems to me though that these news organizations are making a big deal out of an ordinary worm simply because they have been infected. The internet traffic report has remained steady throughout the afternoon, indicating that the worm is not widespread enough to have any significant effect on the internet.

SANS has an interesting hypothesis that NYTimes, ABC, and CNN were all at the same event at some point recently and had their laptops on the same network, and that in this way the worm got past the firewalls of the news organizations and on to their networks. This seems likely to me. I have seen no indication thus far in my router log that this worm has tried to spread to my network.

Is it just me or is this related to Danny's CNN blog entry?

Gahh, benna posted at the same time as me! :)

Also, and I say this not to lull anyone into a false sense of security, but this VIRUS (a "bug" is a software mistake; this mess is intentional mischief) right now is primarily targeting Windows 2000-based machines. But again, don't leave yourself unprotected just because you have another version.

I'm watching all this in comfort myself; from the comfort of common sense :)


This is not related to Danny's entry. He was talking about the social aspects, and didn't offer any technical information on it. He also titled his posting on CNN, and anyone who doesn't give a damn about CNN probably won't read it. Mine is titled to the point.

I also see Windows as being Buggy software. It is a virus. But Windows is buggy software.

I am going to check my traffic graphs later this evening to see if the noise floor has grown or not.


Christian -- Firstly, it's not a virus, it's a worm. CNN called it both, but just to be official, it's a worm. Worm worm worm.

I have updated my blog title to reflect the content better. The fact is, this vulnerability is not present in all versions of Windows. It's only W2K and out-of-date versions of XP.

The rest of us are fine. And in fact, Microsoft has responded. You should have looked harder. The official MSRC blog has info:

My computer (XP Pro with SP2) was never at risk. Since most users with XP use automatic Windows updates, they probably will be fine too. W2K is not a very common OS anymore.

As per your Mac: Don't even go there. Macs are a much smaller market share than PCs, so there's much less of an incentive to create malicious software for them. It's common sense.

And so the reason Microsoft has not reacted is because they proacted by releasing an update that closes this hole they themselves reported at the time they reported it.
If people choose to neglect their security updates (for whatever software they use, not just Windows but your precious MacOS as well) they put themselves at risk and have no one but themselves to blame if they get compromised.

Proacted isn't a word.
