I’m sitting in the airport in Denver – watching CNN and reading my mail. Simultaneously I get an email alert from my IDS showing a lot of unusual activity, also a Microsoft PR person is on CNN describing the impact of the latest worm.
This from SANS:
Another PnP Worm: W32.Zotob.E
CNN is reporting a worm outbreak which is affecting their network, ABCNews, NYTimes, as well as Capitol Hill. All statements so far make this look like a Zotob variant…
Symantec just released info on the W32.Zotob.E worm here.
Trend Micro is also released this: WORM_RBOT.CBQ
This is an exploit of a known vulnerability, and the patch is available from microsoft here: Microsoft Security Bulletin MS05-039
Interesting – firewall, IDS, host-based hardening – all seems to work for many people. Good practice leads to safe computing.