The worm exploited a Microsoft vulnerability, allowing hackers to take remote control of affected PCs.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have
determined that separate groups of hackers are releasing a barrage
of worms in a battle to seize control of innocent users' computers.
Overnight, it has been confirmed that
organizations such as CNN, ABC Television, The New York Times and
the Financial Times have been hit.
The W32/Zotob-F
worm (also known as Bozori) attempts to remove infections by
earlier versions of the Zotob worm and other malware, so it can
take control of the compromised computer for itself. W32/Zotob-F is
related to the W32/Tpbot-A worm, which also exploits the same
Microsoft MS05-039 Plug and Play vulnerability that hackers have
focused on as a way into poorly defended businesses.
"Once one of these worms has control over your computer, it can
use your PC for sending spam, launching an extortion
denial-of-service attack against a website, stealing confidential
information or blasting out new versions of malware to other
unsuspecting computer users," said Graham Cluley, senior
technology consultant for Sophos. "Organized criminal gangs are
behind attacks like these and their motive is to make money. Owning
a large network of compromised computers is a valuable asset to
these criminals, and every business needs to take steps to ensure
they are not the next victim on their list."
The worms are affecting computers which are not properly patched
against Microsoft security holes such as the MS05-039 Plug and Play vulnerability.
More and more virus writers are exploiting the new MS05-039
vulnerability that Microsoft issued a patch against last week. The
list of malware which uses the security hole to spread
includes:
How to protect your computers
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems
scanned for critical Microsoft security vulnerabilities.
Sophos recommends that IT staff responsible for security should
consider subscribing to vulnerability mailing lists such as that
operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos advised
customers to patch against the latest security vulnerabilities
in Microsoft's software last week. The patch for the MS05-039 Plug
and Play vulnerability can be found on Microsoft's website. However, Sophos
recommends that businesses also ensure they are protected against
other vulnerabilities commonly used by worms and hackers such
as:
LSASS (MS04-011) security vulnerability
RPC-DCOM (MS04-012) security vulnerability
MSSQL (MS02-039) security vulnerability
UPNP (MS01-059) security vulnerability
WebDav (MS03-007) security vulnerability
"The only good thing which might come out of this high profile
worm outbreak is that more people and businesses may wake up to the
importance of properly protecting their systems from viruses and
internet worms," said Cluley. "All companies should take a long
hard look at their networks and ask, 'could that have happened to
us?'"
Sophos continues to recommend that companies protect all tiers
of their organization - their desktops, servers and email gateways
- with automatically updated anti-virus
software to reduce the risk of infection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.