What's the Zotob MS05-039 worm?

Our IT people are warning us about something called a Zotob MS05-039 worm, but they've caused more trouble than they've prevented in the past, so I'm leery about applying any changes they recommend. What is the Zotob worm, and how do I avoid getting into trouble with it?

Dave's Answer:

Feisty users, the bane of all IT departments! Just kidding. Actually, the Zotob worm is interesting in that it's only attacking Windows 2000 systems (which means if you're not running Win2k you're safe) and that it appears to be two different hackers actually having what the Wall Street Journal says is calling an Internet crime turf war! (Hollywood, are you listening?)

The sequence of events behind this particular worm are that about a week ago Microsoft announced a vulnerability in the Plug-and-Play subsystem in Windows 2000 and issued a security update or "patch" that prevented people from being infected. The worm authors then promptly swung into action, producing nine different variations on worms that attacked the specific identified vulnerability.

Tip: A worm is a self-replicating program, one that tries to spawn copies of itself on as many other systems as it can find while also, typically, doing something malicious on the host machine.

In fact, if your IT department had been properly on the ball and had updated all the Windows 2000 systems in your department, you would have been able to sit back, breath easily, and know that Microsoft had saved the day. By not applying the security patch promptly, your systems are indeed possibly at risk for this worm that's caused significant havoc at organizations running the earlier version of Windows.

You'll know if you're infected because your computer will continually restart. Learn more about exactly how to tell if you're infected - including the specific file or files created by the worm - at Microsoft's What You Should Know about Zotob.

If you already have been infected, then try running an antivirus program, getting the very latest updates from the vendor, then running it again. Hopefully that'll fix things.

If you haven't been infected, but are running Windows 2000, use the built-in Windows update capabilities, or check out Symantec's Zotob Removal Instructions.

Finally, my advice to you? Listen to your IT department and apply the very latest set of patches from Microsoft now, not later.

Categorized: Windows PC Help (Article 4134, Written by Dave Taylor)
Tagged:
Previous: One site, lots of subdomains, or multiple sites?
Next: How do I recover lost digital photographs?

Subscribe!

Never miss another Q&A article! Click to subscribe:

Comments

only attacks w2k computers...
and large companies are most at risk...
hmmm... sounds like a MS funded worm to get
the CEO's of large companies embarassed enough
to order the IT departments to upgrade all
computers to XP at any cost....
hmmmm... makes one wonder...

Posted by: michael at August 18, 2005 9:58 AM

Hi, Dave. Thank you for your information. This "zotrob" issue once againg shows that Microsoft people are the real provider of information about "vulnerabilities" when they release these patches. Hackers just do some "reverse enineering" job to find for what the pathes are for and readily they have a new instrument to release new worms. Does this mean that MS should stop looking for vulnerabilities? Should they stop publishing patches? Could these hackers fine these vulnerabilities without the "help" of Microsoft? Which comes fors: the hen or the eggs?
Best Regards

Posted by: Andr�s S�nchez at August 18, 2005 3:27 PM

I have something to say, now that you mention it, but ...

I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you for all your efforts on this Web site by buying you a cup of coffee!

I do have a comment, now that you mention it!

How can I fix too little virtual memory in Windows?

How do I install Windows XP in Boot Camp on my Mac?

How do I download photos onto my Apple iPhone?

How do I convert WMA to MP3 audio files in Windows Media Player?

How can I add a Google search box to my site?

How can I put music on my Apple iPod?

How can I get my Nintendo DS to connect to the Internet?

How do I reset my Mac OS X administrator (root) password?

Recent Entries

How can I pair a bluetooth speaker with my MacBook Pro?

Is my copy of Windows 7 "activated" and genuine?

The Scoop on Merchant Services and Credit Card Processing?

How can I change my Windows PC computer name?

Introduction to Google Docs Spreadsheets

Add Po.st Social Media (Facebook, Google Plus) widgets to your blog?

I Need Help!

Even More Help

Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and RSS Feeds
Building Web Site Traffic
Business and Management
CGI Scripts and Web Site Programming
Computer and Internet Basics
d) None of the Above
Facebook Help
Google Plus Help
HTML and CSS
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
WordPress Help

film blog - social media / blogging speaking - business blog - Colorado photography - free tech support

© 2002 - 2012 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

business blog | sitemap | link to us!