
Thread: Worm strikes down Windows 2000 systems

  1. #1
    Senior Member
    Join Date
    Feb 2003

    Worm strikes down Windows 2000 systems


    A computer worm shut down computer systems running the Windows 2000 operating system across the United States on Tuesday, hitting computers at CNN, ABC and The New York Times.

    Around 5 p.m. computers began crashing at CNN facilities in New York and Atlanta. ABC said its problems began in New York about 1:30 p.m.

    The Caterpillar Co. in Peoria, Illinois also was reportedly affected.

    David Perry of Trend Micro said that the attack seems to have been triggered by a new worm, called worm--rbot.ebq. He said the symptoms -- computers repeatedly shutting down and rebooting -- were consistent with that virus.

    Johannes Ullrich, director of the Sans Institute, a network security firm in Jacksonville, Florida, said the outage also may have been caused by the Zotob worm, which was released last weekend.

    "It will connect to a control server to ask for instructions. It scans network neighborhoods and tries to infect them, as well," Ullrich said.

    read the rest here:

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Back in the green...
    Back to InfoCon Green

    As Johannes mentioned yesterday, we are back to green. As his addition to the diary is still relevant, it bears repeating.

    As of Tuesday, 1:45 AM GMT (Monday 20:45 EDT), we moved back to infocon green.

    We moved to 'Yellow' on Friday, after we did see a number of exploits released for last week's Microsoft Windows vulnerabilities, in particular MS05-039 (PnP) which is exploitable remotely.

    As expected, we did see various bots, in particular 'Zotob' take advantage of this vulnerability. At this point, the situation is however static. New bot variations keep getting developed, but they do not add any fundamental new variation of the exploit. We expect that most exploitable systems have been compromised at this point.
    SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis

  3. #3
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Let's count now, so far we have ( from Trend Micro )
    ZOTOB.A ( W32.Zotob.A )
    ZOTOB.B ( W32.Zotob.B )
    RBOT.CBQ ( W32.Zotob.E )
    BKDR_RBOT.BD ( W32.Esbot.A )

    all attempting to exploit the PnP vulnerability announced in Microsoft Security Bulletin MS05-039

    Two of the above are classified as “Medium Threats” by Trend,
    ZOTOB.D and

    Two of the above are classified as “Category 3 – Moderate Risk” by Symantec, W32.Zotob.E ( Trend's RBOT.CBQ ) and
    W32.Esbot.A ( Trend's BKDR_RBOT.BD which isn't seen on Trend's Malware Advisory, but found if you search their site)

    McAfee lists W32/IRCbot.worm!MS05-039 ( Trend's RBOT.CBQ ) as “high risk”

    sweet_angel said in this thread MS05-039 Exploit Code in The Wild that some ISPs block port 445.

    Well, either I am extremely lucky or my ISP is blocking it. I have been watching closely since thehorse13 posted info on the exploit and have not seen any hits to that port. ( I block and log all attempts in or out of my network for that port, as well as others. )

    Maybe someone is actually getting it? But apparently not those at offices on Capitol Hill, media organizations including CNN, ABC and The New York Times, and The Caterpillar Co. in Peoria, Illinois.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
