Panda Virus Alert: Zotob.A

Discussion in 'malware problems & news' started by Randy_Bell, Aug 14, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    - Panda Software reports on the new Zotob.A that exploits the
    vulnerability in Plug and Play -
    - Virus Alerts, by Panda Software (http://www.pandasoftware.com )​

    Madrid, August 14 2005 - PandaLabs reports on a new worm, Zotob.A, that exploits the vulnerability in Plug and Play (PnP) which could allow remote code execution and elevation of privileges in the affected computer. This worm is the first to appear which exploits this security problem, only 5 days after Microsoft announced this critical security problem on its bulletin MS05-039, which also includes details of the updates that users are advised to apply.

    Zotob.A scans IP addresses through port 445 in order to find vulnerable systems. If it finds one, it will send instructions to transfer itself to these computers. A has an IRC client through which it connects to a certain IRC server. In this way it can receive commands that can enable the computer to be administered remotely.

    Zotob.A creates the "B-O-T-Z-O-R" mutex to prevent two copies of itself being executed simultaneously on the system. Besides, it modifies the HOSTS file to prevent access to certain web pages.

    Panda Software recommends users to download the patch offered by Microsoft which appeared just some days ago. The web page to download this patch is available at: http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about these and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
     
    Randy_Bell, Aug 14, 2005
    #1
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,107
    Location:
    Texas
    Zotob worm finds its path limited

    Info
     
    ronjor, Aug 15, 2005
    #2
  3. Paul2

    Paul2 Guest

    Paul2, Aug 16, 2005
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...