A series of new worms and viruses has been released
onto the Internet to attack computers through
a Microsoft security hole. The Zotob worm and
its variants, as well as several other new worms,
take advantage of a major security flaw recently
discovered in Microsoft's Plug and Play feature
of the Windows operating system. This is a
major attack on computers running the Windows
2000 operating system, causing them in many cases
to shut down and reboot continually or crash altogether.
Although Windows XP and 2003 computers are not
affected by Zotob and other variants, they can
be carriers of these worms and can infect other
computers. All computers running Windows 2000/2003/XP
have this security hole and should be patched
immediately.

Some security researchers claim the outbreak
is tied to a "war" between rival virus
writers. There appear to be three different virus-writing
gangs turning out new worms at an alarming rate,
as if they were competing to build the biggest
network of infected machines.

Worms have now attacked CNN, ABC, The Financial
Times, and The New York Times through the Microsoft
plug and play security hole. Larger organizations
and companies are at highest risk because these
new worms spread mostly via network connections
and shares. These worms, like any other, do not
discriminate and will attack any computer, whether
at a large company or at a home.

More and more virus writers are exploiting the
new MS05-039 vulnerability, for which Microsoft issued
a patch last week. The list of malware
that uses the security hole to spread includes:
W32/Tpbot-A (also known by some anti-virus products as Zotob.E or Rbot.CBQ; some media reports have named the virus Rbot.EBQ, but this is incorrect)
W32/Dogbot-A
W32/Zotob-A
W32/Zotob-B
W32/Zotob-C
W32/Zotob-F
Troj/ExpPNP-A
W32/Rbot-AKM
W32/Rbot-AKN
W32/Sdbot-ACG
W32/Tilebot-F
W32/Esbot-A

Zotob is the worm with the widest infection rate
right now through this vulnerability. The new
version of Zotob, Zotob.C, goes one step further
than its predecessors by trying to spread via
email rather than just across networked computers. When
it spreads via email, the Zotob.C worm can use
a number of disguises, including pretending to
be a webcam photograph.

The patch released by Microsoft resolves a newly discovered,
privately reported vulnerability. A remote code
execution vulnerability exists in Plug and Play
(PnP) that could allow an attacker who successfully
exploited this vulnerability to take complete
control of the affected system. An attacker could
then install programs; view, change, or delete
data; or create new accounts with full user rights.
Of course, the attacker would also be able to
steal any information, including private information,
from the infected computer.