W32/Zotob

In a Microsoft Security Advisory (906574) released on 23 August, Microsoft noted that there are certain non-default configurations of Windows XP with Service Pack 1 that are also exposed to this Plug and Play vulnerability. Please ensure that you have patched your system by visiting Windows Update and downloading the appropriate updates.

New variants of the Zotob worm (W32/Zotob.B and W32/Zotob.C) have appeared in the last few days. These variants exploit the same Plug and Play vulnerability in Windows 2000 as W32/Zotob.A and have gained considerable distribution. Please ensure that you have patched your system by visiting Windows Update and downloading the appropriate updates.

A new worm exploiting a vulnerability in Microsoft's Plug-and-Play technology has gained considerable distribution. The vulnerability exploited by W32/Zotob.A was recently reported in Microsoft Security Bulletin MS05-039 - [KB899588]. Users who have not yet patched their machines with patches reported in Microsoft's Security Bulletins for August are advised to do so as soon as possible.

W32/Zotob.A is a self-executing worm that targets computers running Windows 2000 machines that do not have the patch reported in MS05-039 installed. W32/Zotob.A has been classified as medium risk by FRISK Software virus experts.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detects W32/Zotob.A using virus signature files dated 14 August 2005 or later.