A new Internet worm has been detected that infects Microsoft’s Windows platforms through a loophole in the Windows plug-and-play interface, faster than any previous worm. The worm could allow attackers to take complete control of a system.
The Zotob worm appeared shortly after Microsoft issued a warning about a newly found critical security flaw. Even though Microsoft made patches for this problem available last week, exploits were published on the Internet a few days later.
“Zotob is not going to become another Sasser,” F-Secure’s researchers said. The worm does not infect computers running Windows XP Service Pack 2 or Windows 2003, as those systems are somewhat protected against the Windows Plug-and-Play vulnerability. Machines that block port 445 using a firewall will also not be vulnerable, the company said. “As a result, the majority of Windows boxes on the Net won’t be hit by (the worm),” they continued.
The worm uses a flaw discovered in the Windows plug-and-play system. It compromises systems by sending data on port 445 and propagates using a file-transfer-protocol server.
Microsoft’s investigation into the worm indicated that it only infects Windows 2000 systems.
“Microsoft’s investigation into this malicious act is ongoing so that we can continue to understand how we can help support customers,” the company stated in an advisory posted Sunday. “We are working closely with our anti-virus partners and aiding law enforcement in its investigation.”