Worm.Zotob
Aug 17, 2006 - Rising

Rising Antivirus Virus Alert: Worm.Zotob

Type: Worm

Risk: Dangerous

Systems Affected: Windows 2000, XP, Windows Server 2003

Date discovered: 15 Aug 2005

In-The-Wild: YES

Method of Propagation: Local Network

Encryption: No

Rising Antivirus version to detect/repair: 17.40.02

 

Description

It makes use of the following exploit:

– MS05-039 (Vulnerability in Plug and Play)

After it is launched, it will:

1.       Copy itself to Windows system directory as botzor.exe.

2.       Add the following registry values so that the worm runs at startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
 "WINDOWS SYSTEM" = botzor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\RunServices
 "WINDOWS SYSTEM" = botzor.exe

3.       Scan IP addresses for vulnerable machines and try to spawn a remote shell. The shell will release a script file which will access an FTP site to download a copy of the worm to the local machine.

4.       Reboot the system.

5.       Modify the HOSTS file to block access to certain security websites.
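The host artifacts listed above (the Run and RunServices values that start botzor.exe, and the modified HOSTS file) can be checked offline on collected evidence. The following Python triage sketch is an added example, not part of the original alert or of Rising Antivirus; it assumes a registry export in .reg format already decoded to text, assumes that HOSTS-based blocking maps names to a loopback or null address, and uses constructed sample data and hypothetical function names.

```python
import re

# Indicators from the alert above; key names are compared case-insensitively.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
WORM_RE = re.compile(r'(?:^|[\\/"\s])botzor\.exe(?:$|["\s])', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: a HOSTS-based block points the name at a loopback or null address.
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def find_run_entries(reg_export):
    """Return (key, value name, data) for Run/RunServices values that start botzor.exe."""
    hits, key = [], None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in RUN_KEYS:
            data = m.group(2).replace("\\\\", "\\")  # .reg files double backslashes
            if WORM_RE.search(data):
                hits.append((key, m.group(1), data))
    return hits


def find_hosts_blocks(hosts_text):
    """Return host names that the HOSTS file maps to a sink address."""
    blocked = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINK_ADDRS:
            blocked += [h.lower() for h in fields[1:] if h.lower() not in BENIGN_NAMES]
    return blocked


# Constructed sample artifacts, not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WINDOWS SYSTEM"="botzor.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WINDOWS SYSTEM"="botzor.exe"
'''
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 av-vendor.example\n10.0.0.5 files.example\n"
```

Any name returned by find_hosts_blocks still needs a manual look, since administrators also add loopback entries deliberately.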

 

Recommendation

Update your Rising Antivirus to version 17.40.02 or above and perform a full scan of your computer. Enable Auto-Protect when connecting to the Internet. Rising Antivirus can protect your system against malicious threats.

You can download a 31-day trial version of Rising Antivirus:
Download Rising Antivirus

or buy a full version of Rising Antivirus:
Buy Rising Antivirus