Microsoft has announced that the recently discovered Zotob.A worm can only affect an unpatched Windows 2000 system.
The first thing users of Windows 2000 need to do is to visit Microsoft online and ensure they have the MS05-039 patch on their systems. If not, they need to update immediately.
Despite being limited to only the Windows 2000 platform, the Zotob.A worm can move with Sasser-like speed across internal networks and the Internet. If it infects an unpatched machine, it will create a backdoor in the system, open to an external hacker and subjecting the system to remote code execution.
Microsoft says on its site that it has not yet seen “widespread impact to the Internet.” They have rated the Zotob.A worm a Moderate threat, which rests between Critical and Low. Users familiar with Microsoft’s “Patch Tuesday” security bulletins will note Microsoft uses the same scale when rating those, too.
A Zotob.A infection will leave a file named Botzor.exe on a computer. The worm will further make changes to the local Windows 2000 system’s registry, adding keys to it. The Zotob creators wasted little time getting the worm into the wild; the security bulletin disclosing the vulnerability was announced on August 9th, and the worm started showing up in systems on the 14th.
The similar Zotob.B exploits the same flaw, a problem with Microsoft’s Plug and Play functionality (PnP). PnP allows users to easily add peripherals to their systems, simply by connecting a device to an available connection on a computer. Without PnP, users would have to manually configure various settings on their machines to get printers, etc, to work correctly.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
