Trend Micro: Windows Worm ZOTOB a Threat

Tokyo-based Internet and security firm Trend Micro reports that a new Windows worm, dubbed ZOTOB, has appeared. It exploits "critical" security holes in Microsoft’s Windows 95, 98, NT, ME, 2000, and XP operating systems, which Microsoft patched just last week. The worm, detected in both the United States and Germany, can block infected users’ access to antivirus sites and give attackers access to infected systems.

So far, Trend Micro reports two variants (ZOTOB A and B) have been discovered. Both take advantage of Microsoft’s Plug and Play technology to propagate across networks; when the worm detects a vulnerable system, it attaches a script to that system which downloads the worm from a clandestine FTP server on the infected machine. Once installed, the worm modifies the system’s HOSTS file to interfere with users connecting to specific antivirus Internet sites. The worm also opens a backdoor which enables the computer to receive commands via IRC channels on specific servers; worm variants A and B connect to different IRC servers. Once the worm is installed, all data on the infected system is accessible to remote attackers; remote users could also take control of infected systems.
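The HOSTS-file tampering described above can be checked for directly. The following is an added example, not code from Trend Micro or the original article; the watchlist domains and the sample file contents are constructed placeholders, and the check covers both loopback-style blocking and redirection to another address.

```python
import ipaddress

# Assumption: constructed watchlist; use the security/update domains you rely on.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample HOSTS content, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   # appended entry
0.0.0.0 download.updates.example Updates.Example
203.0.113.7     av-vendor.example
10.1.2.3        intranet.corp.example
not-an-ip       www.av-vendor.example
"""

def classify(addr_text):
    """Return 'sinkhole' for loopback/unspecified, 'redirect' for any other
    valid address, or None when the first field is not an IP address."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return None
    return "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"

def is_watched(hostname):
    """True when the name is a watched domain or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(hosts_text):
    """List (line number, address, hostname, kind) for every HOSTS entry
    that overrides DNS for a watched domain."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank, comment-only or bare address
        kind = classify(fields[0])
        if kind is None:
            continue                            # malformed line, skipped
        for name in fields[1:]:
            if is_watched(name):
                findings.append((lineno, fields[0], name.lower().rstrip("."), kind))
    return findings

if __name__ == "__main__":
    # On NT-family Windows, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for lineno, addr, name, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} ({kind})")
```

Any finding on a machine whose HOSTS file is not centrally managed is worth investigating, since legitimate software rarely pins security vendor domains there.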

To avoid infection by the ZOTOB worms and (undoubtedly) future malware which attempts to exploit the same Windows vulnerabilities, users should make sure their antivirus software is up to date and install the latest Microsoft security updates so their systems are not vulnerable to these attacks. The rapid appearance of the ZOTOB worm shortly after Microsoft released system patches emphasizes how critical it can be for Windows users to install security updates promptly and maintain security software. If ZOTOB proves anything, it’s that malware exploiting vulnerabilities in Windows operating systems will appear on the Internet almost instantaneously once the vulnerabilities become widely known outside the computer security industry.

