Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development

    Zotob Worm Could Squirm on Windows XP

    By
    Ryan Naraine
    -
    August 24, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft late Tuesday warned that the Zotob worm could start squirming through certain configurations of Windows XP SP1 (Service Pack 1).

      The worm, which squirms through a flaw in the Windows PnP (Plug and Play) service, has wreaked havoc on unpatched Windows 2000 machines, but new information suggests some Windows XP users could also be at risk.

      Late Tuesday, Microsoft Corp. issued a new advisory that confirmed the expanded threat and recommended that users implement workarounds to thwart a new worm outbreak.

      Users of Windows XP SP2 are not vulnerable to remote attacks.

      Microsoft also noted that the risk of infection on Windows XP SP1 systems remains low because the exploit will not affect default configurations of the operating system.

      According to the advisory, a feature known as Simple File Sharing and ForceGuest must first be enabled to expose users to a potential Zotob exploit.

      The new attack vector, which was discovered by Symantec Corp.s DeepSight Threat Analyst Team, manifests itself when the “Guest” account is both enabled and removed from the “Deny access to this computer from the network” entry in the “User Rights Assignment” Security Policy.

      /zimages/6/28571.gifRead more here about the first wave of Zotob worm exploits.

      “While performing further investigations into this vulnerability, weve been able to carry out anonymous remote exploitation against certain non-default configurations of Windows XP SP1. This can happen when Simple File and Print Sharing has been enabled, for example by sharing a folder or a printer with the local network,” the DeepSight team warned in a note posted online.

      “It is important to note that Simple File and Print Sharing is only available on Windows XP machines that are not part of a Windows Active Directory Domain. However, configuring a Windows XP SP1 host to share network resources prior to joining an Active Directory Domain will leave it in the vulnerable state even after the Domain is joined,” the company warned.

      Microsoft noted that there is no change to the MS05-039 bulletin that provides patches for the flaw, making it clear that the patches provide full protection to all affected versions of Windows.

      /zimages/6/28571.gifRead more here about Microsofts updated worm removal tool.

      The company also downplayed the severity of the new attack vector, noting that on Windows XP SP2, the impact is limited to privilege escalation and only exploitable if a user has the ability to log on locally to the system.

      “Simple File Sharing is not available on Windows XP systems that are joined to a domain. Domain-joined systems use standard file sharing, which does not enable the Guest account or give it permissions to access the system through the network. Windows XP Service Pack 2 is not vulnerable remotely in domain-joined systems or in workgroup-joined systems,” Microsoft said.

      Workarounds:

      Microsoft is recommending that Windows XP Pro customers that cannot disable the Guest account should change the default password on the Guest account.

      This will require all systems on your network to provide this password to connect to each other.

      “Configuring a password on the Guest account will help prevent these systems from becoming remotely vulnerable to issues that attempt to authenticate using the Guest account credentials,” the company said.

      Windows users should also consider blocking TCP ports 139 and 445 at the firewall.

      “These ports are used to initiate a connection with the affected protocol. Blocking them at the firewall, both inbound and outbound, will help prevent systems that are behind that firewall from attempts to exploit this vulnerability.”

      Microsoft has also shipped an update to its malware removal tool to detect and delete the Zotob worm family.

      The update provides protection for 10 mutants to help with the cleanup process.

      According to Finnish anti-virus vendor F-Secure Corp., at least three Zotob mutants and several IRC (Internet Relay Chat) bots have been squirming through unpatched Windows machines.

      /zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×