Microsoft plays down virulence of Plug and Play Zotob worm attack
Posted on 17 Aug 2005 at 12:28
A worm that exploits the new Microsoft MS05-039 'plug and play' security vulnerability is the latest online threat to grab the headlines. In this case that is literally true, as media outlets such as CNN, ABC, The Financial Times, and the New York Times have been high-profile victims of the attack.
Microsoft issued its last monthly security update on 9 August. Among the three critical bulletins was the MS05-039 update, concerning a vulnerability that could allow remote code execution and the local elevation of user privileges. It exists in Windows 2000's Plug and Play functionality, potentially enabling an attacker to install programs and view, change, or delete data.
This vulnerability has already been exploited in the fast-changing virus world.
The Financial Times has published a notice on its website announcing it was infected by the worm. Entitled 'Your FT', it reads 'A computer virus disrupted production of FT.com and the newspaper last night. Click here to request information or pass on your comments'.
The exact identity of the worms in question, however, is still in doubt. According to Sophos, a number of viruses use the exploit, including Tpbot-A, Dogbot-A, Zotob, Rbot and Tilebot-F.
'The experts at Sophos are analysing more and more pieces of malware which are exploiting this serious security vulnerability in Microsoft's code,' said Graham Cluley, senior technology consultant at Sophos. 'These types of attacks are becoming a standard part of the virus writers' armoury. If you are responsible for network security inside an organization it's time to wake up and smell the coffee: you need to patch your systems now against these security holes or not be surprised when hackers and worms blast their way through.'
According to Microsoft, the attack involves not a new Internet worm but a different variation of the existing Zotob attack. This runs continuously in the background and provides a backdoor server allowing a remote intruder - via IRC channels - to gain control over the computer.
Microsoft maintains that Zotob - which targets Windows 2000 - has so far had a low rate of infection. Users of Windows XP, or those who have applied the MS05-039 update to Windows 2000, are not affected.
Author: Alun Williams
Printed from www.pcpro.co.uk

