Press Releases

Browse our press release archive

16 Aug 2005

More worms target new Microsoft vulnerability, as Zotob turns to email attack


Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, are warning computer users that hackers have released more worms onto the internet that exploit the recently discovered security vulnerability in Microsoft's software.

The W32/Zotob-C and W32/Tilebot-F worms are following in the wake of the W32/Zotob-A and W32/Zotob-B worms that were let loose on the internet over the weekend. All of these worms take advantage of the MS05-039 Plug and Play vulnerability announced by Microsoft last week, and there is a danger that many computer users may not have had the time to patch against the serious security hole.

The new version of Zotob goes one step further than its predecessors, by trying to spread via email rather than just networked computers. When it spreads via email the Zotob-C worm can use a number of disguises, including pretending to be a webcam photograph.

The Tilebot-F spyware worm can steal user account information from infected computers, and launch distributed denial-of-service attacks against websites.

"Because Zotob-C can also spread via email it has the potential to affect more people than the previous incarnations of this worm. The good news is that at the moment it does not appear to be spreading widely," said Graham Cluley, senior technology consultant for Sophos. "The Tilebot-F worm has been seen spreading in-the-wild, however, and so customers must check that they have the right defenses in place or they risk having critical information stolen. This is an important wake-up call for all computer users to ensure they have proper firewalls, the latest security patches, and automatically updated anti-virus software in place."

"Microsoft must be fuming that virus writers are exploiting security holes in their software so quickly after their announcement," continued Cluley. "It's not only embarrassing for the software giant, but a real headache for businesses who need to move quickly to roll out security patches across their networks."

Home users of Microsoft Windows can visit to have their systems scanned for critical Microsoft security vulnerabilities.

Sophos recommends that IT staff responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at . Sophos advised customers to patch against the latest security vulnerabilities in Microsoft's software last week.

Sophos continues to recommend that companies protect all tiers of their organization - their desktops, servers and email gateways - with automatically updated anti-virus software to reduce the risk of infection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at