Microsoft has released a tool that allows users to check whether they are infected with any of the Zotob variants or other code that exploits the same vulnerability and remove them. A similar initiative was also taken by Panda Software.
Zotob started circulating on the Internet last Sunday, less than a week after Microsoft released the security update that fixed the flaw in the Windows plug-and-play system that the worm exploits.
In the following days, several variants of the virus appeared, as well as new versions of existing worms that now exploit the same vulnerability. The main victims of the exploits have been corporate networks running Windows 2000, although the virus uses several other versions of the operating system to spread.
Among the affected companies are names such as CNN, The New York Times, and the ABC network, which join several American public bodies where about 12,000 infections have already been detected.
In common, the variants aim to slow down the affected networks and cause the systems to reboot at the command of an attacker who acts remotely and without requiring any intervention by the user.
The code removal program made available by Microsoft on its website and in the Microsoft Download Center targets versions A to E of Zotob, Bobax.O, Esbot.A, Rbot.MA, Rbot.MB and Rbot.MC, explains the company.
Meanwhile, Panda Software has also made available a tool for removing malicious code that acts on all Zotob variants, on IRCBot.KC and IRCBot.KD.
Both companies refer to the impact of infections on the affected companies, but stress that the spread of the variants has remained controlled and relatively low. Even so, Microsoft reiterates that it has ongoing investigations to determine responsibilities.