Windows Worms
Recently, we have seen the advent of not just one but many Windows worms based on a similar idea. Just days after Microsoft released a report about a Windows 2000 vulnerability and a patch for it, hackers released a worm that exploited it. According to ZDNet, this is the fastest turnaround from a press release to a worm release in recent memory.
This worm, dubbed ZOTOB, was initially thought to be an issue for almost all versions of Windows that support “plug and play” capabilities; however, it was found soon after that the only real problem lies with the Microsoft Windows 2000 operating system. Trend Micro, a leading anti-virus company, has said that the ZOTOB worm has spread less widely than originally feared because Windows 2000 is an older and less used operating system. This limits the number of home users affected; however, the number of businesses that might be affected is somewhat higher.
Multiple variants of this worm have been seen in the days shortly after the original release. Two variants, called Zotob.A and Zotob.B, appear to have been written by competing virus writers, and indeed each searches the infected computer system for the other and attempts to remove the opposing virus. According to ZDNet, the main method of infection by this worm is probing port 445 (a port blocked by most firewalls), finding a vulnerable machine, and uploading itself. It then proceeds to search for more victims. The worm, while not destructive in itself, leaves a backdoor in the infected machine, allowing anyone with the specific knowledge to connect to that PC. This worm is what is known as a “bot,” which means it functions automatically without user interaction. A third variant, also written by an opposing group of hackers, even added a mass-email function, giving it the capability to propagate through email rather than just vulnerable ports.
This raises the question, “What can be done to address this and other worms that may arise?” The answer is fairly simple. Most worms move through the internet finding vulnerable systems and copying themselves to those systems. A firewall will stand between most standard internet worms and your system; however, a firewall cannot stop e-mail worms and viruses.
The best way to stay protected, in addition to a firewall, is to ensure PCs are updated with the latest security patches from Microsoft, and that all anti-virus applications remain up-to-date.
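The port 445 probing described above leaves a recognizable trace in firewall logs: one source contacting many different machines on that port in a short time. The following is an added example, not part of the original article, that flags such sources. The log format, addresses, time window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log: time, action, protocol, source, destination, port.
SAMPLE_LOG = """\
2024-01-01T09:00:01 BLOCK TCP 10.0.0.23 10.0.0.40 445
2024-01-01T09:00:02 BLOCK TCP 10.0.0.23 10.0.0.41 445
2024-01-01T09:00:03 ALLOW TCP 10.0.0.7 10.0.0.5 445
2024-01-01T09:00:03 BLOCK TCP 10.0.0.23 10.0.0.42 445
2024-01-01T09:00:04 ALLOW TCP 10.0.0.23 10.0.0.43 445
2024-01-01T09:00:05 ALLOW TCP 10.0.0.8 10.0.0.60 80
2024-01-01T09:00:06 BLOCK TCP 10.0.0.23 10.0.0.44 445
2024-01-01T09:00:09 ALLOW TCP 10.0.0.7 10.0.0.5 445
2024-01-01T09:02:00 ALLOW TCP 10.0.0.9 10.0.0.5 445
2024-01-01T09:10:00 ALLOW TCP 10.0.0.9 10.0.0.6 445
2024-01-01T09:20:00 ALLOW TCP 10.0.0.9 10.0.0.50 445
"""

def find_smb_scanners(log_text, port=445, window=timedelta(seconds=60), threshold=5):
    """Return {source: peak count of distinct destinations contacted on `port`
    inside any `window`} for sources whose peak reaches `threshold`.
    Blocked attempts count too: a blocked probe still points at an infected host."""
    hits_by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _action, proto, src, dst, dport = line.split()
        if proto == "TCP" and int(dport) == port:
            hits_by_src[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        in_window = defaultdict(int)   # destination -> hits inside the sliding window
        start = peak = 0
        for ts, dst in hits:
            in_window[dst] += 1
            while ts - hits[start][0] > window:   # evict hits older than the window
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_LOG))
```

A workstation that talks repeatedly to one file server on port 445 is not flagged, because only distinct destinations inside the window are counted.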
