Zotob Makes its Rounds at CNN

Posted on August 17, 2005
Filed Under Security, Windows

A new worm appeared on Wednesday that deserves a few words here and a temporary departure from the current topic of sharing computing resources. At the time of this writing, the major antivirus vendors haven’t quite agreed on what the new worm actually is, but its story is making news in a big way.

A week after Microsoft announced a vulnerability in the Windows Plug and Play service and released a patch for it, the Zotob worm made its appearance. The worm exploits the vulnerability and can potentially allow an attacker to gain control of an infected computer.

By today’s standards, the Zotob worm is rather unremarkable. Like its predecessors, Sasser and Blaster, Zotob was written to take advantage of a known security vulnerability and attacks susceptible computers that are not protected by a firewall.

Windows 2000 computers are most vulnerable, but early versions of Windows XP are also at risk. While other versions of Windows cannot be affected by the worm, they can “carry” it and transfer it to susceptible computers.

A working firewall is a critical component in the prevention of this type of infection. A firewall acts somewhat like a one-way door. It allows you to get out onto the Internet but prevents others from coming in from the Internet.

The other keys to prevention are keeping antivirus software updated and applying the patches that prevent infection.

What makes this worm most interesting is the attention it has been getting since it was discovered. CNN and most of the news organizations initially reported on it almost hourly. And all the while antivirus firms like Symantec are reporting that the geographic distribution is low, threat containment is easy, and ease of removal is moderate.

What is unique about Zotob is that it infected the networks at CNN, ABC, and The New York Times, to name a few. The fact that a rather unremarkable worm gains huge media attention when it affects some of the larger news organizations isn’t all that surprising.

Surely these organizations are well protected by firewalls and employ competent computer staff. What must be difficult to control, however, are the laptops that are plugged into vulnerable networks in the field, become infected, and are then brought back into the office and plugged into the corporate network.

The firewall provides no protection for computers against worms and viruses that make their way in with an employee’s laptop. With the appropriate patches and antivirus there is some level of protection, but the safest approach is to screen any computer that gets past the firewall.

Unremarkable as they are, Zotob and similar worms do pose a decided threat. To best defend against those threats, antivirus programs must be updated, firewalls established, computers kept patched, and any computer physically connecting to the network thoroughly screened.
