Welcome to p2pnet.net - The original daily p2p and digital news site. Always First!
Microsoft Zotob wreaks havoc

p2pnet.net News:- "Could Allow Remote Code Execution and Elevation of Privilege," understated Microsoft on August 9, referring to the MS05-039 Plug-and-Play vulnerability, the latest 'critical' Windows hole.

The first Zotob, tagged 'A', replicates by scanning random machines at port 445/TCP and, "When a victim is found, the exploit code downloads the main virus file via ftp from the scanning machine, sets up ftp server on the infected machine and starts scanning for more targets," said F-Secure's Mikko Hypponen.

"This is nasty," he went on, and since patches had only been available for five days, "Patch now."

Symptoms include the boot, re-boot syndrome.

Then along came Zotob B and seven other variations and, ironically, some of the mainstream media which had reported the initial outbreak, including carrying instructions on how to deal with it, have now been ravaged by it. Among the afflicted are CNN, ABC and The New York Times, not to mention offices in the centre of US power on Capitol Hill.

"Most of the recent problems are caused by a worm we call Zotob.D and two bots we call Ircbot.es and Ircbot.et," says Hypponen, going on:

"The main scenario remains the same: these things will only infect you via the MS05-039 vulnerability if you’re running Windows 2000 with port 445/TCP open – and you haven’t installed last week's patches. Or you have installed the patches but haven’t rebooted."

"Microsoft is aware of variations of an existing attack exploiting the vulnerability addressed by the Microsoft Security Bulletin MS05-039 on August 9, 2005," said Bill and the Boyz on August 11.

"Our analysis has revealed that the reported worms are similar to the existing worm called Worm:Win32/Zotob.A.

"These worms have thus far had a low impact on customers."

Meanwhile, "The big organizations that are getting hit right now have most likely introduced the infection to the internal network via infected laptops," says F-Secure.

Get the patch here: Microsoft Security Bulletin MS05-039. And there’s also an MS ‘What You Should Know About Zotob’ item here.
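The propagation pattern Hypponen describes (a scan of many machines on 445/TCP, then an FTP fetch from the victim back to the scanning machine) can be hunted for in internal flow logs, which matters when the infection arrives on a laptop behind the perimeter. The sketch below is an added example, not code from p2pnet, F-Secure or Microsoft; the flow records are constructed, and the FTP port (21), fan-out threshold and time window are assumptions to tune locally.

```python
from collections import defaultdict

# Constructed flow records: (seconds, source IP, destination IP, destination TCP port)
SAMPLE_FLOWS = [
    (0, "10.0.5.23", "10.0.1.10", 445),
    (1, "10.0.5.23", "10.0.1.11", 445),
    (2, "10.0.5.23", "10.0.1.12", 445),
    (3, "10.0.5.23", "10.0.1.13", 445),
    (4, "10.0.5.23", "10.0.1.14", 445),
    (6, "10.0.1.12", "10.0.5.23", 21),   # probed host fetches from the scanner's FTP server
    (7, "10.0.9.40", "10.0.1.10", 445),  # ordinary file-share client, single target
    (9, "10.0.9.40", "10.0.1.10", 445),
    (12, "10.0.1.20", "10.0.5.23", 21),  # FTP to the scanner with no prior 445 probe
]

def find_scanners(flows, min_targets=5, window=60):
    """Sources reaching at least min_targets distinct hosts on 445/TCP within window seconds."""
    probes = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            probes[src].append((ts, dst))
    scanners = set()
    for src, hits in probes.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            targets = {dst for ts, dst in hits[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                scanners.add(src)
                break
    return scanners

def find_likely_infected(flows, scanners, ftp_port=21, window=60):
    """Hosts probed on 445/TCP by a scanner that then connect back to it on ftp_port (assumed 21)."""
    probed_at = {}
    infected = set()
    for ts, src, dst, port in sorted(flows):
        if port == 445 and src in scanners:
            probed_at[(src, dst)] = ts
        elif port == ftp_port and dst in scanners:
            seen = probed_at.get((dst, src))
            if seen is not None and ts - seen <= window:
                infected.add(src)
    return infected

if __name__ == "__main__":
    scanners = find_scanners(SAMPLE_FLOWS)
    print("scanning hosts:", sorted(scanners))
    print("likely newly infected:", sorted(find_likely_infected(SAMPLE_FLOWS, scanners)))
```

Hosts in the first set are candidates for isolation; hosts in the second were probed and then pulled a file from the scanner, so they should be treated as infected until checked.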


See:-
This is nasty - Zotob is no Sasser, but …, p2pnet, August 15, 2005
Hypponen - The global PnP problems, August 17, 2005
