Internet Storm!

CNN reported a worm outbreak this afternoon involving their network, ABCNews, NYTimes, as well as Capitol Hill.

Information is still flowing on this situation, but here’s what we have so far:

Symantec just released info on the W32.Zotob.E worm here.

Trend Micro also released information under WORM_RBOT.CBQ.

McAfee released information as well: W32/IRCbot.worm

This is an IRC bot worm, and will scan for TCP port 445, and for file shares. McAfee reports in its bulletin that systems not patched for MS05-039 will continually reboot.

It exploits known vulnerabilities, and the patch is available from Microsoft here: Microsoft Security Bulletin MS05-039

More updates coming as we analyze and gather more information!

From the SANS Internet Storm Center

Hope y’all patched your Windows boxes. If not, get to work! I have already noticed some slowness on the internet – possibly because the cable modem segment that I am on is filled with unprotected Windows boxes.

Let me check my home network…

2 Macs – Check
1 Linux – Check

All done!

What is totally silly about this is that the worm exploits the Windows Plug and Play system via port 445. A big WTF goes out to the guys in Redmond: why does Plug and Play need to access any IP ports? Unless y’all are using PnP to mount network drives – but come on. No one would be…

Well, perhaps they are?

2 thoughts on “Internet Storm!”

  1. Bill is in cahoots with the AV vendors who are controlled by the Virus Writers who are controlled by the Spammers who are controlled by the UFOs.

    The Network attacks the Spammers to control – and throws 23 Mega Bucks into the attack!

  2. Of course, I patched up my WinXP machine, but not without a little hassle from Microsoft. Apparently, they’re doing this authenticity check of Windows software before you can do the regular round of critical updates.

    At first, I had a problem in that my software wouldn’t authenticate (even though it IS a legitimate copy).

    Did I mention that I am so done with Windows?

    I almost wonder if Bill isn’t in cahoots with all the antivirus companies.
