Zotob worm targets Windows 2000

Summary:Windows 2000 users have been strongly urged to patch their computers against the latest piece of dangerous malware

Antivirus firms have urged affected users to patch their systems immediately after a worm was discovered over the weekend that exploits a critical vulnerability in some Windows platforms.

The Zotob worm exploits a flaw which primarily affects the Windows 2000 platform but has an impact on Windows XP Service Pack I.

Microsoft released a patch on August 9. The Microsoft Technical Bulletin MS05-039 stated that a successful exploitation would allow the attacker to "take complete control of the affected system ... install programs; view, change, or delete data; or create new accounts with full user rights."

The worm does not affect Windows XP SP2 or Windows Server 2003 systems.

Mark Sinclair, technical services director at Trend Micro Australia, told ZDNet Australia that it was about to issue a yellow alert -- which means the worm is being reported in at least two [global] regions and there is a high potential for damage -- for Zotob after receiving infection alerts from customers.

"We are seeing some evidence of [infections] today -- I can't talk about which companies in particular but they are big enterprises. We are getting reports from those customers that they are getting infected by this particular worm," said Sinclair.

However, companies should not panic ... yet.

"It is not panic stations at this stage. But given that the vulnerability was only announced last week, it is a very quick turnaround for virus writers and it could get nasty," said Sinclair.

Allan Bell, marketing director for McAfee Asia-Pacific, said most large organisations could avoid the worm by making sure they block ports 445 and 139 on their firewall.

"These particular ports are used for file sharing and most corporates should have them blocked off. It is unusual for a corporate to have those open because you don't normally want somebody remotely accessing your systems," said Bell.

Antivirus firms are particularly worried because of the number of Windows 2000 systems that are still in use. According to a recent study published by asset management specialist Assetmetrix, Windows 2000 is still installed in more than 50 percent of computers used by large corporations worldwide.

Graham Cluley, senior technology consultant at Sophos said in a statement yesterday: "There will be many Windows computers that will not have been patched yet and may be vulnerable to infection and compromise. Everyone should act swiftly to ensure their PCs are properly protected with antivirus software, firewall software and up-to-date security patches."

Click here to download the patch.

Topics: Security


Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.