Visualizza versione completa : "W32.ZOTOB.E" - Allerta 5 - (Update)

17-08-2005, 15.11.13

W32.Zotob.E (Symantec), WORM_RBOT.CBQ (Trend Micro), W32/IRCbot.worm!MS05-039 (McAfee), W32/Tpbot-A (Sophos), Win32.Tpbot.A (Computer Associates), Net-Worm.Win32.Small.d (Kaspersky (viruslist.com))

If this worm is run on a system which has not yet been patched for the MS05-039 vulnerability, it will continually reboot.


Aggiornamento AntiVirus al 17/08/05 ;)(Y)

17-08-2005, 15.17.29
McAfee Stinger: http://download.nai.com/products/mcafee-avert/stinger.exe

Trend Micro: http://es.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_RBOT.CBQ

Symantec (dalla Variante "A" fino alla Variante "F"): http://sarc.com/avcenter/venc/data/w32.zotob.removal.tool.html

PSPL Tool (dalla Variante "A" fino alla Variante "F"): http://www.pspl.com/download/cleanzt.htm

NOD32 Tool (dalla Variante "A" fino alla Variante "C"): http://www.nod32.it/cgi-bin/mapdl.pl?tool=Zotob

Panda Software Tool (dalla Variante "A" fino alla Variante "D"): http://www.pandasoftware.com/download/utilities/

F-Secure Tool: http://www.f-secure.com/tools/f-bot.zip

17-08-2005, 15.28.26

Here is a status update on the malware using the Plug-and-Play vulnerability (MS05-039).

For the last four days we got 11 different samples of malware using this vulnerability. Currently there are three Zotob variants (.A, .B and .C), one Rbot (.ADB), one Sdbot (.YN), one CodBot, three IRCbots (.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Leggi: http://www.f-secure.com/weblog/

In Depth: The Zotob and Esbot worms

Leggi: http://news.ft.com/cms/s/112bcc04-0f0d-11da-8b31-00000e2511c8.html

17-08-2005, 15.43.34
The Zotob worm, which surfaced late last week, has started spreading rapidly in Australia and attacking computers running Windows 2000 and unpatched Windows XP, an anti-virus researcher said. Jakub Kaminski, a senior researcher at Computer Associates lab in the Melbourne suburb of Richmond, said Zotob was spreading rapidly, particularly in the west of the country...

Leggi: http://www.theage.com.au/news/breaking/zotob-worm-spreads-in-australia/2005/08/17/1123958102488.html?oneclick=true

CNN, Disney Zapped By Zotob

Leggi: http://www.webpronews.com/news/ebusinessnews/wpn-45-20050816CNNDisneyZappedByZotob.html

17-08-2005, 16.02.09

...Other large multinationals reportedly hit included UPS, General Electric and Caterpillar. The virus also targeted banks, with at least two Canadian organisations, the Canadian Imperial Bank of Commerce and BMO Nesbitt Burns, suffering attacks...

Leggi: http://business.timesonline.co.uk/article/0,,9075-1738986,00.html

17-08-2005, 16.21.18
SAN FRANCISCO -- A computer worm targeting corporate networks with the Windows 2000 operating system arrived less than a week after Microsoft Corp. warned of the security flaw. As experts predicted, the Windows hole proved a tempting target for rogue programmers, who quickly developed more effective variants on a worm that surfaced over the weekend and by Tuesday had snarled computers at several large companies. Among companies affected by the worm and its variations were ABC, CNN, The Associated Press, The New York Times and Caterpillar Inc. In California, San Diego County said it needed to cleanse 12,000 computers of the bug. ABC News producers had to use electric typewriters Tuesday to prepare copy for their "World News Tonight" broadcast, according to spokesman Jeffrey Schneider...

Leggi: http://www.local6.com/technology/4862245/detail.html

17-08-2005, 20.18.06
Zotob e le sue varianti attaccano Vittime eccellenti la Cnn e la Abc

...Microsoft, dopo aver ammesso la scorsa settimana i bug nei sistemi, continua a invitare gli utenti ad aggiornare il software sui loro pc per evitare che vengano infettati, poiché anti-virus e firewall aggiornati sono in grado di proteggere i computer. Sul sito della compagnia si legge che "zotob" e le sue varianti sono in grado di installare nei computer software dannosi e poi collegarsi ad altri sistemi per infettarli. Secondo altri esperti, "IRCBOT.WORM" e "RBOT.CBQ" sono differenti dai predecessori perché possono essere controllati dai server IRC, oppure da computer collegati in rete che gestiscono sessioni di chat online...

Leggi: http://www.repubblica.it/2005/h/sezioni/scienza_e_tecnologia/viruzotob/zotattac/zotattac.html

18-08-2005, 10.42.36

SAN JOSE, Calif. - Malicious hackers unleashed new variants of a computer worm that attacks a vulnerability in Microsoft Corp.'s Windows 2000 operating system, but infection rates appeared to be relatively low and damage minor. The latest "War of the Worms" stands in contrast to previous outbreaks that brought networks and millions of PCs to a crawl in recent years...

Leggi: http://www.sanluisobispo.com/mld/sanluisobispo/business/12412521.htm

21-08-2005, 14.54.09
SEATTLE (AP) -- Microsoft Corp. was working Friday to come up with a fix for a flaw in its Internet Explorer browser that could let hackers gain remote access to computer systems through malicious Web sites.

A patch was not immediately available, though security experts played down the risk.

"If the user doesn't browse a malicious Web site, then the user isn't even under attack," said Gerhard Eschelbeck, chief technology officer at Qualys Inc., a security company based in Redwood Shores, Calif.

Leggi: http://customwire.ap.org/dynamic/stories/M/MICROSOFT_SECURITY?SITE=FLTAM&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2005-08-19-20-58-29

22-08-2005, 12.29.36

It all started just a week ago.

On Sunday the 14th we found a new virus around noon. Nothing special there, except that this one was using a brand new exploit against a brand new vulnerability: the MS05-039 PnP hole. I was the viruslab oncall manager for the week, so I called up other oncall people to work on the case. Jarkko analysed the virus from his home office and Jarno made his way to the office to test and publish a new update to detect this critter...

Leggi: http://www.f-secure.com/weblog/