Tuesday, August 16, 2005 10:05 PM
cmosby
SANS - Internet Storm Center - Another PnP worm on the loose...
Things finally hit critical mass, boys and girls. It's patch or die time now. The below info is from ISC, with links to information added in.
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis
Another PnP worm on the loose...
CNN reported a worm outbreak this afternoon involving their network, ABCNews, NYTimes, as well as Capitol Hill.
Information is still flowing on this situation, but here's what we have so far:
Symantec just released info on the W32.Zotob.E worm here
Trend Micro also released information under WORM_RBOT.CBQ.
McAfee released information as well: W32/IRCbot.worm
This is an IRC bot worm, and will scan for TCP port 445, and for file shares, but as far as the analysis shows so far, it does not shut down the system. McAfee does report in its bulletin that systems not patched for MS05-039 will continually reboot.
It exploits known vulnerabilities, and the patch is available from Microsoft here: Microsoft Security Bulletin MS05-039
Blogger’s Note: Symantec’s Zotob.E and Esbot.A are currently at Level 3 risk, Trend Micro has their Zotob.D and WORM_RBOT.CBQ at Medium Risk, and McAfee has W32/IRCbot.worm!MS05-039 at High risk and has even updated their Stinger Tool to clean it up. This is real serious stuff, no more joking around. If you can’t get your management to let you deploy patches because they feel like “the antivirus will get it”, or “we don’t want to bother the users with a reboot”, drop one of us bloggers a line, we will set them straight.