Windows Worm Goes Global

UPDATED: A computer worm slamming corporate networks running Windows 2000 operating systems continued to make the rounds today after slowing down numerous high profile organizations on Tuesday.

The Zotob.B virus, which surfaced earlier this month after Microsoft warned of the security flaw, has already hit media outlets including ABC, CNN, The Associated Press and The New York Times, among others, and has now gone global.

While most security firms initially labeled the worm a low-risk threat and had even predicted the Windows hole would be targeted by hackers developing more effective variants on a worm, several firms are warning the problem may be greater than anticipated.

According to the security outfit IMlogic Threat Center, the worms are now using a chat channels to allow gain hackers access and control of an infected machines.

“The rapid spread of these worms is illustrating the special problems posed by threats that can leverage real time data channels like IM,” warned IMlogic’s security experts.

Microsoft released a statement today saying their analysis revealed new worms variants of the existing Zotob. However, The software maker continues to rate the issue as a low threat for customers and will continue to review the situation.

Redmond released a “critical” patch Aug. 9 for the vulnerability, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature.

The bug takes advantage of a vulnerability in Microsoft’s plug-and-play code found in Windows 98/ME/NT/2000/XP/Server 2003.

Vinny Gullotto, a vice president at McAfee AVERT, said the fast-spreading worms can remotely hijack computers and use them in Denial-of-Service attacks. The destructive capability of the worm combined with how quickly it has propagated are key factors in McAfee’s high-risk assessment, he said.

“The fact that it does not require any human interaction [to spread the virus] is pretty significant,” said Gullotto, justifying the high-risk rating. He also noted the rate at which the worm propagated was extremely fast, another factor in McAfee’s assessment.

“I want our customers to take notice of the threat and use the solutions we have provided,” he said.

However, Gullotto said he expects the risk assessment to drop to medium by Wednesday afternoon and possibly “low” within 24 hours.

The worms can attack a system without needing to open any software, so some users would be infected without knowing it.

Microsoft said Zotob has thus far had a low rate of infection and claims Zotob only targets Windows 2000. Customers running other versions such as Windows XP, or customers who have applied the MS05-039 update to Windows 2000 are not impacted by this attack. Dimitri Alperovitch, research engineer at CipherTrust, says the Zotob virus is spreading faster than any virus he has ever seen and is using zombies to spread the virus, very effectively.

“At one point today, more than 2000 zombies were part of the network that is spreading the virus,” he said in an e-mail to

News Around the Web