New Zotob worm uses MS05-039 exploit

Written by Editor
Monday, 15 August 2005 09:50

The worm exploits a vulnerability for which a patch has been available for less than a week. It appears to be based on the Mytob worm, and it may be using the exploit code that houseofdabus released just a few days ago.

This worm has something in common with the Sasser worm that caused chaos some time ago: both used exploit code produced by houseofdabus, and both were released within a few days of that exploit code. It may seem suspicious, but remember that the Sasser author is safely locked up in prison this time.

Unlike Sasser, however, Zotob probably will not be as widespread because it is unable to infect Windows XP SP2 machines. It is also unable to infect machines that have TCP port 445 filtered; as a result, the majority of the Windows systems on the Internet will likely be unaffected.

The worm replicates by scanning random machines for TCP port 445. When a potential victim is found, the exploit is used to compromise the machine, and the worm is then downloaded to it via FTP. Once the machine is infected, it starts the replication process again.

You can find out more about Zotob in the detailed description by F-Secure. We advise all readers to ensure that their machines are fully patched against the vulnerability as soon as possible.
Last Updated ( Thursday, 14 September 2006 22:05 )
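
The propagation pattern described in the article (scanning of random machines on TCP port 445, followed by an FTP download by the compromised machine) can be looked for in flow or firewall logs. The following Python is an added example, not part of the original article; the log format, the sample records, the thresholds and the use of port 21 for FTP are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
100 10.0.0.5 10.0.1.1 445
101 10.0.0.5 10.0.1.2 445
102 10.0.0.5 10.0.1.3 445
103 10.0.0.5 10.0.1.4 445
104 10.0.0.5 10.0.1.9 445
105 10.0.1.9 10.0.0.5 21
110 10.0.1.9 10.0.2.1 445
111 10.0.1.9 10.0.2.2 445
112 10.0.1.9 10.0.2.3 445
113 10.0.1.9 10.0.2.4 445
114 10.0.1.9 10.0.2.5 445
200 10.0.0.8 10.0.0.2 445
260 10.0.0.8 10.0.0.3 445
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_smb_scanners(flows, min_targets=5, window=60):
    """Sources reaching >= min_targets distinct hosts on TCP 445 within
    `window` seconds. Both thresholds are assumed values to tune locally."""
    seen = defaultdict(list)  # src -> [(ts, dst)]
    for ts, src, dst, dport in flows:
        if dport == 445:
            seen[src].append((ts, dst))
    scanners = set()
    for src, hits in seen.items():
        hits.sort()
        if any(len({d for t, d in hits[i:] if t - start <= window}) >= min_targets
               for i, (start, _) in enumerate(hits)):
            scanners.add(src)
    return scanners

def find_ftp_callbacks(flows, ftp_ports=(21,), window=30):
    """(victim, source) pairs where a 445 contact from source is followed by
    victim -> source FTP. Port 21 is assumed; the article only says 'via FTP'."""
    last_smb, chains = {}, set()  # last_smb: (src, dst) -> ts of latest 445 contact
    for ts, src, dst, dport in sorted(flows):
        if dport == 445:
            last_smb[(src, dst)] = ts
        elif dport in ftp_ports and ts - last_smb.get((dst, src), -window - 1) <= window:
            chains.add((src, dst))
    return chains
```

A host that appears as a victim in `find_ftp_callbacks` and then as a source in `find_smb_scanners` matches the full replication cycle and is a candidate for isolation and patching.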













