Source Pravda.Ru

New internet virus targets Windows

A new worm that was unleashed over the weekend affects only a limited group of Windows users. The virus targets newly announced flaws in Microsoft's Windows operating system.

Trend Micro Inc. said the Zotob virus exploits security holes in Windows 95, 98, ME, NT, 2000 and XP platforms and can give hackers remote access to affected systems, according to Reuters.

The worm drops a copy of itself into the Windows system folder as BOTZOR.EXE and modifies the hosts file on the infected machine to prevent the user from getting online help from anti-virus Web sites, Trend Micro said.
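The hosts-file tampering described above can be audited with a short script. The following is an added example, not code from Trend Micro or the original article: the watch list is an assumption built from vendors named in the article (it is not the worm's actual block list), and the sample hosts text is constructed.

```python
import ipaddress

# Assumed watch list (vendors named in the article); extend for your environment.
WATCHED_DOMAINS = ("trendmicro.com", "f-secure.com", "microsoft.com")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   www.trendmicro.com   # help site pinned to loopback
0.0.0.0     F-Secure.com update.microsoft.com
203.0.113.7 support.microsoft.com
192.0.2.10  intranet.example
not-an-ip   www.trendmicro.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, no valid address
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)

def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname, kind) for watched names overridden locally.

    kind is "sinkhole" when the name is pinned to loopback or 0.0.0.0 (site made
    unreachable), otherwise "redirect" (site pointed at some other address).
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
            findings.append((line_no, str(ip), name, kind))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

On Windows 2000 the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; pass its contents to `suspicious_entries()`.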

The virus can also connect to a specific Internet Relay Chat (IRC) server and give attackers remote control over affected systems, which can be used to infect other unpatched computers in a network, Xinhua reports.

While early reports on Zotob suggested it was spreading rapidly, the impact of the worm has actually been restricted because it targets PCs running Windows 2000, an older version of the software, Microsoft said. It poses no threat to computers running the newer Windows XP and Windows Server 2003, the company added.

"Only a small number of customers have actually been affected," Stephen Toulouse, a program manager in Microsoft's security group, was quoted as saying by ZDnet. "It is not something that has any type of widespread impact on the Internet... It hits Windows 2000 customers very specifically."

Zotob appeared in record time after Microsoft's patch release, according to Trend Micro. "This is the fastest turnaround from the announcement of the vulnerability to an actual virus," Perry said.

Users of Windows 2000 should be on guard, especially if they are not using a firewall, said Mikko Hypponen, director of antivirus research at software maker F-Secure. Zotob.A and Zotob.B scan the Internet for vulnerable systems using TCP port 445, a port typically blocked by a firewall, he said.

When a target system is found by Zotob, it installs a shell program on the computer that downloads the actual worm code, named Haha.exe, using FTP (File Transfer Protocol). The newly infected system then starts searching for new computers to compromise.
