
Zotob is no Sasser, but …

p2pnet.net News:- It's no Sasser, but it's still unpleasant.

Bill and the Boyz released a security bulletin on August 9 detailing an MS05-39 Plug-and-Play hole it described as critical and which it said, in typical Microsoft prose, Could Allow Remote Code Execution and Elevation of Privilege.

In simple terms, that meant a hacker could use it as an entry point into your system and once inside, could have his or her wicked way with it.

This is nasty, as patches for this vulnerability have only been available for five days, warns F-Secure. Patch now.

But the news isn't totally bad, says company research director Mikko Hypponen.

First of all, it will not infect Windows XP SP2 machines, he says. Nor will it infect machines with 445/TCP blocked at the firewall.

As a result, the majority of Windows boxes in the net won’t be hit by it, he states.

Zotob A replicates by scanning random machines at port 445/TCP. When a victim is found, the exploit code downloads the main virus file via FTP from the scanning machine, sets up an FTP server on the infected machine and starts scanning for more targets.
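An added example, not from the article or from F-Secure, of detecting the propagation pattern just described in network flow records: a host fanning out to many machines on 445/TCP, then a probed machine connecting back to it over FTP. The record format, the thresholds and the use of port 21 for the FTP transfer are assumptions; the article does not state the FTP port.

```python
from collections import defaultdict

SMB_PORT = 445      # port the article says the worm scans
FTP_PORTS = {21}    # assumption: the article does not give the FTP port

# Constructed flow records: "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.1.1 445
1001 10.0.0.5 10.0.1.2 445
1002 10.0.0.5 10.0.1.3 445
1003 10.0.0.5 10.0.1.4 445
1005 10.0.1.3 10.0.0.5 21
1006 10.0.0.9 10.0.0.20 445
1400 10.0.0.9 10.0.0.21 445
1500 10.0.0.30 10.0.0.9 21
"""

def parse_flows(text):
    """Parse whitespace-separated records into time-ordered tuples."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return sorted((int(ts), src, dst, int(port)) for ts, src, dst, port in rows)

def find_scanners(flows, window=60, min_targets=4):
    """Sources reaching min_targets distinct hosts on 445/TCP within window seconds."""
    probes = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            probes[src].append((ts, dst))
    scanners = {}
    for src, hits in probes.items():
        for start, _ in hits:
            targets = {d for t, d in hits if start <= t <= start + window}
            if len(targets) >= min_targets:
                scanners[src] = hits  # keep the probe list for callback matching
                break
    return scanners

def find_callbacks(flows, scanners, max_delay=30):
    """(scanner, victim) pairs: a probed host opens FTP back to its scanner soon after."""
    pairs = set()
    for ts, src, dst, port in flows:
        if port in FTP_PORTS and dst in scanners:
            if any(d == src and 0 <= ts - t <= max_delay for t, d in scanners[dst]):
                pairs.add((dst, src))
    return pairs
```

A host returned by `find_scanners` is a candidate infected machine; each victim in `find_callbacks` is a machine that was probed and then fetched a file from the scanner, so it should be isolated and checked for patch status.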

It also comes with a message, to wit: MSG to avs: the first av who detect this worm will be the first killed in the next 24hours!!!

Zotob has a taste for Microsoft Windows 2000 Service Pack 4; XP Service Pack 1 and Microsoft Windows XP Service Pack 2; XP Professional x64 Edition; Microsoft Windows Server 2003; Microsoft Windows Server 2003 Service Pack 1; and Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems.

If you have Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME), you’re OK, promise Bill and the Boyz.

But wait. Zotob A? Yup. There’s already a ‘B’ variant on the loose but neither it nor the first worm use other exploits (for example LSASS), says Hypponen, adding:

“Maybe Zotobs are being confused to other IRC bots using the PnP exploits. There are several of these in the wild now.”

If there’s something you think we should know, contact us – tips[at]p2pnet.net

See:-
F-Secure: New worm using a fresh exploit found, August 15, 2005


3 Responses to “Zotob is no Sasser, but …”

  1. Reader's Write Says:

    SURE AM GLAD I USE LINUX AND DON’T HAVE TO WORRY ABOUT MALWARE!

  2. Reader's Write Says:

    Amen to that.

  3. Reader's Write Says:

    I use Windows but it’s protected by a Linux 2.6-based router, Firefox instead of IE, and smart browsing habits. Virus, spyware, and bullshit free for two years straight. Not to mention still running fast. Proof that dumb users mess up their computers, not Windows alone.
