WIN2K systems droppin' like flys

CNN got dusted... should've applied them there patches last Tuesday. 'Spreadin' honkin' fast... patch them WIN2K boxes folks!

What patch? I assume win xp is fine.

ZOTOB - just do the MS patches and Bob's your uncle till it mutates... XP may be affected - CNN is sayin' all MS stuff is affected (I doubt that - like most "news" from CNN) - I like OpenBSD myself - 9 years 1 patch.

Depends on which windows vulnerability your talking about, if its this one then its a win2k issue only, 2k3 and XP SP2 are unaffected as of yet, but thats no reason to put off updating your systems. Also if your a networking person go ahead and block tcp port 445 which is how the virus spreads.

Some additional information about the worm can be found through the link below. It seems all MS operating systems can be infected.

www.sophos.com...

check it...
securityresponse.symantec.com...
securityresponse.symantec.com...

To bad the "Gates" are open...

Just had a phone call from downtown TO - TSX got whacked - wonder if Asia will get "patched" before the trade day begins. My clients (insurance companies) are all clean so far - 2048 bit encrypted backups are proceeding normally. No CERT alert yet - mui mui strange - them guys at Mellon are usually right on top of that there unit... I love OpenBSD even if the tape-ball on my glasses is bigger'n Cheney's ego.

Just had a phone call from downtown TO - TSX got whacked

Eh? In english?

TO - Toronto, TSX - Toronto Stock Exchange... Patch them boxes. CERT - if you have to ask you don't need to know... sorry mon frere. Throttle up.

I noticed something that I found rather interesting.

w32.zotob.a (which kinglizard mentioned) installs and runs a file called "botzor.exe"

w32.zotob.d (which highgroundys0p mentioned) ends, among others, a process called botzor.exe.

I wonder if these two virii are opposing weapons in a war of skript kiddies.

securityresponse.symantec.com...

Note,
The removal tool is only for the Zotob worm. The Zotob worm is not responsible for the reboots. The worm that is causing this is an IRC bot worm.
For info on it check out
Mcafee


TrendMicro

This eplains why all Internet access at work this afternoon completely ceased. I do run XP at work and my computer mysteriously rebooted just after lunch, just like this worm claims to do. Better do yet another virus scan...

Whats the big deal? another stinking virus

Zotob worm makes little progress

Security experts reported that barely a thousand systems had been infected by the Windows 2000 worm by Monday night

A new worm that was unleashed over the weekend affects only a limited group of Windows users and has not wreaked any widespread havoc, according to Trend Micro.
As of Monday morning on the West Coast of the US, the original Zotob.A had infected about 50 computers worldwide, and the first variant, Zotob.B, had compromised about 1,000 systems, the antivirus software maker said.
"There are not that many infections," said David Perry, director of global education at Trend Micro.
The worm, which has spawned at least two variants, exploits a hole in the plug-and-play feature in the Windows operating system. It surfaced only days after Microsoft offered a fix for the "critical" bug More

Microsoft readies August patches

I've not noticed any problems at all.

There was some mention of Washington having problems too.

CNN at one point announced that the police and FBI were not having any problems.....disinfo any one?

It's front page on CNN now, a little worrying what with the 7 days in August stuff going down umm... right about today isn't it?

Thanks for the links all. I have not needed them yet, but I am more fully aware now.

alternateheaven
if your a networking person go ahead and block tcp port 445 which is how the virus spreads.

Quite so. Should be a standard during setup.

highgroundsys0p
No CERT alert yet - mui mui strange - them guys at Mellon are usually right on top of that there unit...

CERT an the NIST have combined forces with The Department of Homeland Security, to present a consolidated vulnerability database. The alert about the vulnerability is posted there and a at CERT and has been for several days.

kenshiro2012
The Zotob worm is not responsible for the reboots

Quite so. If your pc is constantly rebooting, you will need the IRCbot.worm fix. But it is the Zotob worm that opens a relay with the IRC server and awaits instructions. So close TCP port 8080. It then opens FTP TCP port 33333 so block that too. I think that is how the IRCbot gets installed.

Sauron
Whats the big deal? another stinking virus

I agree, sort of. I think that IT staff with large quantities of client pc's are staying on top of these issues, cuz they know it is a matter of time before the big one hits. Besides I would have been bored without working on this tonight.

P.S. If it was not for the radio and TV shouting that the world was ending, we (work) would not have even noticed this worm hit. We didn't even have a hickup. This vulnerability was know for some time, and announced publicly a week ago.

The bottom line is if you have multiple clients, test the patches for compatibility when they first come out, and use SUS or MOM to force the updates out to the clients or pay the price.

Shame on you CNN.

The primary agency responsible for revenue collection in what has been called "The Fifth Largest GNP in the World" and known to all (now) as "Callie-Phone-ya", was taken "off-line" today 16/08/2005 by this worm/virus.

IT specialists are expected to work through the night to hopefully restore function by sometime tomorrow. The state-wide operations of the agency have been distrupted. Internal firewalls seem to be exacerbating the disruption, to the consternation of IT specialists.

aaaaaaaaahahahaha
yet another exploitation of windows SMB
tsk tsk tsk you'd've thought Billy learned with Netbios... pheer my beui skillaz
oh well.