
By Munir Kotadia
Posted on ZDNet News: Aug 19, 2005 2:10:00 PM

Havoc caused by variants of the Zotob worm could have been far worse had they not contained flaws, security companies say.

Chris Andrew, vice president of product management at PatchLink, said that coding errors caused a few variants of the worm to send computers into a reboot loop, which meant they spent very little time spreading the infection.

"If you read the vulnerability description in that exploit, it actually tells you that if you do it wrong it crashes the computer. If you do it right, then nobody can tell you have hacked the computer," Andrew said.



He said companies that were hit by one of the flawed variants were "lucky" because it gave them more time to stop the infection taking hold.

"The people at CNN and ABC were very upset that their computers crashed, but they were the lucky ones," Andrew said.

James Turner, security analyst at Frost & Sullivan Australia, agreed that the worm could easily have been worse--because the flawed variants gave administrators some warning that they were under attack.

"Your ultimate crime does not leave any traces. The minute a worm forces computers to do things that are abhorrent--like rebooting--it draws attention to itself," Turner said.

Allan Bell, marketing director for McAfee Asia-Pacific, said the versions that caused systems to crash--which McAfee has called IRCbot--are "often copy-and-paste jobs" created using source code distributed online.

PatchLink's Andrew agreed: "There are documented open-source materials available that show you how to do the hacks. It is hardly surprising that there are a whole bunch of (Zotob) variants."

American Express, Boeing and Holden are just some of the companies with Australian locations that suffered from Zotob infections this week.

As part of its monthly patching cycle, Microsoft last week released a number of security updates, including the now infamous MS05-039, which fixed a critical vulnerability in Windows 2000.

Within days, exploit code was being distributed, and on Sunday the first Zotob worm was discovered in the wild.

Munir Kotadia of ZDNet Australia reported from Sydney.
