worm is shutting down CNN, ABC computers: Windows 2000 affected

Status
Not open for further replies.

xexex

Banned
I just saw this on CNN - their computers that run Windows 2000 are all down or mostly down, Windows XP systems seem to be ok. some nasty worm. CNN said that this was also affecting ABC's computers as well.



edit: CNN, ABC News, NY Times affected.

they're saying it's the fastest worm/ virus of its type in history.....

the correct name is 'ZOTOB' Worm

now CNN is saying this is affecting Win 95, 98, ME, 2000 *and* yes, Win XP
 
That's funny, my friend at IBM in Charlotte said his internet has been getting hit all afternoon and asked me if there was a new worm going around.
 
http://inhome.rediff.com/money/2005/aug/16virus.htm

Beware! New virus on the loose

August 16, 2005 16:46 IST

Network anti-virus and Internet content security major, Trend Micro on Tuesday warned Internet users of a new memory-resident worm that takes advantage of a newly announced Microsoft Plug-and-Play security flaw.

What makes the new worm, WORM_ZOTOB, so notable is its exploit of a Microsoft security hole and this 'exploitation' is believed to be the fastest in the history of malware creation, a statement said.

The new worm drops a copy of itself into the Windows system folder as Botzor.exe and it modifies system's Host files in the infected users' computer so as to prevent the user from getting online assistance from certain anti-virus Web sites.

The backdoor capabilities of the worm enable it to connect to a specific Internet Relay Chat (IRC) server and allow a hacker remote control over the affected system, which can be used to infect other machines in the network.

Hundreds of 'infection reports' were sighted in US and Germany. "Since most of the users may not be aware of the newly announced security hole so as to install the necessary patch during last weekend, more infections in Asia Pacific and other regions are foreseen," it said.
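
Added example, not part of the quoted article or of any post in this thread: a host check for the two artifacts the article describes, a copy of the worm named Botzor.exe in the Windows system folder and hosts-file entries that cut the machine off from anti-virus Web sites. The watchlist names are placeholders (the article does not list the blocked sites), and the hosts text is a constructed sample.

```python
import ipaddress
from pathlib import Path

# Hypothetical watchlist: placeholder names standing in for the security-vendor
# sites an administrator wants to stay reachable (not taken from the article).
WATCHLIST = {"av-vendor.example"}
DROPPED_NAME = "botzor.exe"  # file name given in the quoted article


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield line_no, addr, name.lower().rstrip(".")


def suspicious_entries(text, watchlist=WATCHLIST):
    """Return mappings that pin a watched name or subdomain to a dead address."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        watched = any(name == w or name.endswith("." + w) for w in watchlist)
        if watched and (addr.is_loopback or addr.is_unspecified):
            hits.append((line_no, str(addr), name))
    return hits


def dropped_copies(directory, name=DROPPED_NAME):
    """Case-insensitive search of one directory for the dropped file name."""
    return sorted(p.name for p in Path(directory).iterdir()
                  if p.is_file() and p.name.lower() == name)


# Constructed sample, not a real infected hosts file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   av-vendor.example  www.av-vendor.example   # appended entry
0.0.0.0     UPDATES.AV-VENDOR.EXAMPLE
192.0.2.10  intranet.corp.example
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s" % hit)
```

On a live machine, pass the contents of the system's hosts file to `suspicious_entries` and the Windows system folder to `dropped_copies`.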
 
How exactly does a machine get infected with this worm?

This appears to be fine on my computer so far, but I'd like to be able to take precautions.
 
CNN is now reporting that, besides ZOTOB, there is actually an even more serious worm affecting the internet and many computers.
 
I'm updating my Norton Internet Security as I type this message. :lol

Damn...this shit is serious. They said this is happening GLOBALLY.
 
http://www.pcmag.com/article2/0,1895,1848322,00.asp

Security Watch: New Worm Hits Windows Hole in Record Time
08.15.05

By Larry Seltzer
The Watch

It didn't take long: less than a week after Microsoft revealed a serious vulnerability in the Plug and Play service, worms were out on the Internet exploiting it. See how to identify the worms in this week's Top Threat section.

Spam, worms, DDOS attacks and many of the other ills that plague us are perpetrated through botnets. Whose networks are these botnets on? We name names in the Top Botnets section.

The Plug and Play vulnerability was a biggie, but it wasn't the only big deal this week. See all the other problems you should be addressing in the Top 5 Vulnerabilities section.

When you get a text e-mail, you might feel secure about it because it doesn't have any of that HTML nonsense in it, but is it really text? Things are not always what they seem, as we demonstrate in this week's Top Phish.

How do you identify a phishing attack? One way is to take advantage of a feature your e-mail client probably has. See what it is and how to do it in this week's Security Tip.

Since it's the most feared of last week's disclosed Windows vulnerabilities, this week we take a more detailed look at the Plug and Play vulnerability in the Security Alerts and Updates section.

Large corporations, universities and ISPs all have an ASN assigned to them. Find out what it is in Jargon Watch.

A Florida man stole 1.5 billion data files. Find a news story about this and other topics in the Security Watch Story Feed.
 
MIMIC said:
I'm updating my Norton Internet Security as I type this message. :lol

Damn...this shit is serious. They said this is happening GLOBALLY.


My NIS made a LOT of noise last night. I was wondering what was writing to my HD with vigor, and then I was updated. Related?
 
My crash box at work is being slammed by w32.Esbot.A since 10:00 am this morning. I just turned on the monitor and noticed 2000+ "we caught it" notices from my anti virus software the IT guys installed.

I turned the box off :P I don't have to do any more work today! mwa ha ha...
 
CNN stuff is pretty much getting back into operation. It was funny, everything was down or slow as hell for a while and now it's all just fine.

Those IT boys are really good at finding, isolating, and purging bad machines from the network. But I wonder what this virus was because as far as I know it came in clean and struck really quick with little to no warning.
 
AB 101 said:
Good old MS getting some priceless publicity there. :D


Doesn't matter - people will still buy the next version in droves hoping that it fixes all of these problems and then sign up for microsoft's smart update service to keep their machine protected.
 
"It only affected Windows 2000," said Stephen Toulouse, a manager at Microsoft's Security Response Center. "So far it has shown a very limited impact — we're not seeing any widespread impact to the Internet, but we remain vigilant."

According to Microsoft it's not a big deal, so don't worry about it...
 
Phoenix said:
CNN stuff is pretty much getting back into operation. It was funny, everything was down or slow as hell for a while and now it's all just fine.

Those IT boys are really good at finding, isolating, and purging bad machines from the network. But I wonder what this virus was because as far as I know it came in clean and struck really quick with little to no warning.

They knew about it beforehand, or at least they knew it was coming. MS released their monthly patches a while back, and then reports came out of virus code in work around the internet. A couple days after the new MS patches came out I started getting stuff like this from CERT, SANS, MS, etc. in my inbox

August 12, 2005

Windows 2000 users, patch now or else...


That's the blunt warning from Microsoft Corp.'s security response center after "detailed exploit code" for a wormable flaw started circulating on underground security Web sites.

The software maker rushed out an advisory late Thursday night to warn that unpatched Windows 2000 users are at the biggest risk of a PC takeover attack.

Ziff Davis Internet News has confirmed the existence of at least five exploits targeting several different vulnerabilities patched by Microsoft earlier this week.

The one that worries Microsoft the most is the exploit for the Plug and Play vulnerability addressed in the MS05-039 bulletin.


I guess the big companies just couldn't get the windows updates pushed out fast enough.
 
:lol :lol :lol Turn to ABC.

They were using Quicktime to do a broadcast. The camera's zoom wasn't close enough so you could see the entire console for almost 5 seconds. :lol

I would have captured it but I was too stunned to pick up the camera. :lol
 
Phoenix said:
According to Microsoft it's not a big deal, so don't worry about it...

I somehow doubt they'd come right out and say it was a big deal. ;)

How is it spreading? Outlook? Security holes that allow it to drop right in through non-firewalled machines?
 
xsarien said:
I somehow doubt they'd come right out and say it was a big deal. ;)

For some reason it was able to gain control of Win2k systems by default, but Administrative privileges are needed to access the exploit on XP/server2k3... which makes it a pretty moot point for XP users.

It's being spread via its own SMTP engine and then it port scans the network searching for vulnerable systems. It then tries to spread via port 445.. another reason it wouldn't even have a chance to affect a lot of XP machines as the firewall blocks this port by default. Unless you've messed with some of the ICMP settings or enabled "File and Printer Sharing" or made an exception to let 445 through the firewall on purpose.
 
SyNapSe said:
For some reason it was able to gain control of Win2k systems by default, but Administrative privileges are needed to access the exploit on XP/server2k3... which makes it a pretty moot point for XP users.

It's being spread via its own SMTP engine and then it port scans the network searching for vulnerable systems. It then tries to spread via port 445.. another reason it wouldn't even have a chance to affect a lot of XP machines as the firewall blocks this port by default. Unless you've messed with some of the ICMP settings or enabled "File and Printer Sharing" or made an exception to let 445 through the firewall on purpose.


Doesn't XP give the default account administrator privileges?
 
^^I would imagine so.

But anyway, I guess CNN and ABC were the only networks hit. MSNBC and Fox News haven't said a word about this. :lol

Why the fuck would CNN be using Windows 2000 anyway? They're just like my workplace: all the computers have Windows 2000 Professional.
 
This is the first I heard of it and it hasn't hit at work yet, thank god. Hopefully it's been neutralized.

I know my machine patched as I woke up the other morning and it was at the windows login prompt. I logged in and it said it had installed an update. Wow, imagine that... automatic updates actually preventing something.
 
Geez, lots of conflicting information here...

So does this affect Windows 2000, only Windows XP, or everything?
 
Windows 2000, Windows XP, and Windows XP SP1 are all affected by this.

Windows XP SP2, 95, 98, ME, are not. And I'm assuming NT isn't either.
 