Zotob worm outbreak

August 16, 2005 10pm

At roughly 5:30pm there was an outbreak of a variant of the Zotob worm on campus. This worm affects Windows machines that have not applied the MS05-039 patch that was released on August 9.

The primary targets are Windows 2000 machines. Windows XP SP2 and 2003 are unaffected, but certain configurations of pre-SP2 XP machines may be vulnerable. The worm operates by exploiting the UPnP vulnerability over TCP port 445. After opening various backdoors, the worm propogates by scanning for other machines in the same class B network in addition to randomly generated addresses. .

Please install the MS05-039 patch immediately.

http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx