Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Why Network Adminstrators Failed Protecting Against Zotob

For much of this week we've been tracking the proliferation of the Win32.Peabot—a worm that also goes by the name of Zotob. This attack, like many others, came after the disclosure of an exposure in current versions of Windows that continues to suggest a cause and effect pattern of 'patch-release virus attack.'

This worm has hit a number of high profile sites but, so far, only unpatched Windows 2000 systems have been reported as damaged. This is because the extra work needed to attack an unpatched Windows XP system has delayed, if not prevented, a variant that will attack Windows XP based systems. This suggests, that at the very least, systems with this newer version have a longer grace period before they can be attacked.

Currently the working theory is that the organizations under attack have not protected themselves against laptop computers that, in attacks like this, perform the role of carriers and physically bypass the perimeter security in place in the company to infect other, normally well protected, computers. As with most worms of this type a properly configured firewall will stop the current generation of virus variants cold if the firewall is allowed to perform its function.

What is somewhat scary about this virus incident is that it appears to be a large and growing number of variants each more damaging then the last, making it almost look like there is some type of perverted competition between virus writers to see who can do the most damage. It is important to remember that companies with adequate security surrounding laptop use, and those that follow recommended practices with perimeter protection have likely not been impacted.

The Patching Strategy

  • 1