View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
August 17, 2005

Windows worms still on the move

Zotob and at least ten copycat Windows 2000 worms ran rampant on the internet over the last couple of days, with some speculating that rival criminal gangs are trying to beat each other out of infected computers to create botnets.

By CBR Staff Writer

Early in the day, F-Secure Corp reported that there were at least three variants of Zotob, a new worm called Bozori, and many more new variants of known malware Sdbot, CodBot, and IRCbot, all exploiting the same vulnerability.

The IRCbots were set up to remove Zotobs, and the Bozori’s were designed to remove the Zotobs, Rbots and SDBots, F-Secure said, inferring that the internet was witnessing a bot war, with rival gangs trying to outdo each other.

This has been known to happen. Last year, early variants of the MyDoom and Bagle email worms were designed to kill each other, when they found machines where the other was already installed.

Because all the latest worms drop back-doors on machines they infect, some are concluding that competing gangs are trying to create the biggest network of bots, drone machines that can be used in future nastiness. But not all agree.

It’s not necessarily a bot war, said McAfee virus research Lysa Myers. It could be the same person or gang just updating their old malware with new functionality, she said. Unlike previous worm wars, there is no comment text to indicate rival gangs.

Many firms were unprepared for the onslaught, as the first Zotob appeared just four days after Microsoft published security advisory MS05-039, which outlines the plug-and-play vulnerability that the worms all exploit.

Judging from the number of companies confirming outages as a result of infection, Zotob and its relations was the biggest network worm to hit the net since Sasser, last year. But antivirus firms and Microsoft insisted it was a relatively minor problem.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

ABC, Caterpillar, CNN, Disney, Daimler-Chrysler, the Financial Times, Kraft, the

New York Times, San Francisco International Airport, SBC, and UPS were among the corporations reported to have been infected.

In Australia, newspapers reported that a Holden car manufacturing plant, which had key systems running Windows, ground to a halt whilst producing AUS$6m of cars, and that Zotob was cited as the prime suspect.

Reports for California indicated that 12,000 local government PCs in San Diego county were crashed by Zotob or a variant.

Microsoft, however, said the worms were a minor threat, due to mitigating circumstances such as firewalls, the availability of a patch, and the fact that only Windows 2000 machines are generally affected.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.