The importance of installing Microsoft's security updates in a timely fashion became clear this week with the delivery of the Zotob worm, just four days after Microsoft announced a "critical" security hole on Aug. 9. The Zotob worm, as reported by Trend Micro, blocks users from reaching certain anti-virus sites and can open a back door by connecting to a certain IRC channel, where a malicious user can take control of the system. Recently discovered variants include mass-emailing capabilities.
While the worm is getting lots of press, Trend Micro reports that damage has been limited and Microsoft advises that it only affects Windows 2000 computers. (Some users report otherwise, however.) What's particularly troubling, security consultant Matt Watchinski told Red Herring is how quickly the worm appeared after the vulnerability announcement:
The really interesting thing here is how quickly an exploit to take advantage of the hole was created and released. Normally, it takes a couple of days or weeks before a worm or virus is released but this time there’s just been four days from the release of the patch to the spread of the worm.
Microsoft released patches for a number of critical and moderate holes on Aug. 9, including Internet Explorer, Internet telephony, Kerberos and Remote Desktop Protocol.