









W32/Zotob.A Worm

| Name | W32/Zotob.A Worm |
| --- | --- |
| Aliases | W32/Zotob.worm, W32.Zotob.A, Zotob.A |
| Discovered on | 14th August, 2005 |

Virus Information - W32/Zotob.A Worm:
W32/Zotob.A is a worm that infects systems running Windows 2000/XP/2003. It spreads over the network by exploiting the LSASS and PnP vulnerabilities in Windows described in Microsoft Security Bulletins MS04-011 and MS05-039.
Upon execution, the worm copies itself as botzor.exe in the Windows System folder.
It modifies the Windows registry at the following locations to load itself at the next startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
It also modifies the registry at the following location to disable shared access on the infected computer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
The worm modifies the HOSTS file to block access to anti-virus websites.
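One way to check for the HOSTS tampering described above, as an added example that is not part of the original advisory: it parses HOSTS-format text and reports watched security-vendor names that have been pinned to an address. The domain `av-vendor.example`, the sample file, and the assumption that blocking is done by mapping names to loopback or `0.0.0.0` are illustrative; the page does not list the blocked sites or the entries written.

```python
import ipaddress

# Assumption: placeholder vendor domain; the page does not list the blocked sites.
WATCHED_SUFFIXES = ("av-vendor.example",)

# Constructed sample HOSTS content, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    www.av-vendor.example
0.0.0.0      update.av-vendor.example liveupdate.av-vendor.example
203.0.113.7  download.av-vendor.example   # unexpected override
192.0.2.10   intranet.corp.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for host in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, host.lower().rstrip(".")


def is_watched(host, suffixes=WATCHED_SUFFIXES):
    """True if host equals a watched domain or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, hostname, verdict) for each watched name in the file."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if not is_watched(host, suffixes):
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other address
        # still overrides DNS for a name that should not be pinned locally.
        verdict = "sinkholed" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, host, verdict))
    return findings


if __name__ == "__main__":
    for line_no, host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} {verdict}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`, with the watched list replaced by the vendor domains your endpoints actually depend on.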
Microsoft has released patches for the MS04-011 and MS05-039 vulnerabilities. They can be downloaded from the following links:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx
Users should apply the patches from the links above to remove these vulnerabilities from the system.
