
But Windows 2000 users should still beware...
By Joris Evers
Published: 16 August 2005 08:40 GMT
A new worm that was unleashed over the weekend affects only a limited group of Windows users and has not wreaked widespread havoc, according to Trend Micro.
As of Monday morning on the west coast of the US, the original Zotob.A had infected about 50 computers worldwide, and the first variant, Zotob.B, had compromised about 1,000 systems, the antivirus software maker said.
David Perry, director of global education at Trend Micro, said: "There are not that many infections."
The worm, which has spawned at least two variants, exploits a hole in the plug-and-play feature in the Windows operating system. It surfaced only days after Microsoft offered a fix for the "critical" bug as part of its monthly patching cycle.
While early reports on Zotob suggested it was spreading rapidly, the impact of the worm has actually been restricted because it targets PCs running Windows 2000, an older version of the software, Microsoft said. It poses no threat to computers running the newer Windows XP and Windows Server 2003, the company added.
Stephen Toulouse, a program manager in Microsoft's security group, said: "Only a small number of customers have actually been affected. It is not something that has any type of widespread impact on the internet... It hits Windows 2000 customers very specifically."
Zotob appeared in record time after Microsoft's patch release, according to Trend Micro. Perry said: "This is the fastest turnaround from the announcement of the vulnerability to an actual virus."
Last Tuesday, Microsoft issued patches to fix the plug-and-play vulnerability in various versions of Windows. The bulletins included fixes for the newer Windows XP and Windows Server 2003, even though the software maker said at the time that only PCs running Windows 2000 were susceptible to a remote attack via the vulnerability.
There are desktop and server versions of Windows 2000, which was released in 2000 for business users rather than consumers. More recent editions of Windows are available but Windows 2000 remains popular. The operating system ran on 48 per cent of business PCs during the first quarter of 2005, according to a recent study by AssetMetrix.
Users of Windows 2000 should be on guard, especially if they are not using a firewall, said Mikko Hypponen, director of antivirus research at software maker F-Secure. Zotob.A and Zotob.B scan the internet for vulnerable systems using TCP port 445, a port typically blocked by a firewall, he said.
When a target system is found by Zotob, it installs a shell program on the computer that downloads the actual worm code, named Haha.exe, using FTP (File Transfer Protocol). The newly infected system then starts searching for new computers to compromise.
A second offshoot, Zotob.C, adds a mass-mailing capability, which means it can also spread by email.
The worm itself doesn't have a destructive payload but the first two versions do let the attacker commandeer the infected machine. Trend Micro's Perry said: "It leaves an open back door. It could download anything."
Joris Evers writes for CNET News.com
Firewall would be highly advantageous. MS Exchange/Windows XP Technical Support - Birmingham, West Midlands. My client is looking to add a Technology ...
Key Responsibilities* Providing desktop, printer, phones support in a Windows XP/2003/AD environment * Providing support for Office and custom ...
Updating the Desktop build image as new PCs and laptop models are purchased, ensuring all new hardware device drivers are installed and successfully ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy