ZDNet UK



Flawed code limited Zotob's impact

Munir Kotadia ZDNet Australia

Published: 19 Aug 2005 10:15 BST


Havoc caused by variants of the Zotob worm could have been far worse had they not contained 'flaws', security companies said on Thursday.

Chris Andrew, vice president of product management at PatchLink, said that coding errors caused a few variants of the worm to send computers into a reboot loop, which meant they spent very little time spreading the infection.

"If you read the vulnerability description in that exploit it actually tells you that if you do it wrong it crashes the computer. If you do it right then nobody can tell you have hacked the computer," said Andrew.

He said companies that were hit by one of the flawed variants were "lucky" because it gave them more time to stop the infection taking hold.

"The people at CNN and ABC were very upset that their computers crashed, but they were the lucky ones," said Andrew.

James Turner, security analyst at Frost & Sullivan Australia, agreed that the worm could easily have been worse — because the flawed variants gave administrators some warning that they were under attack.

"Your ultimate crime does not leave any traces. The minute a worm forces computers to do things that are abhorrent — like rebooting — it draws attention to itself," said Turner.

Allan Bell, marketing director for McAfee Asia-Pacific, said the versions that caused systems to crash — which McAfee has called IRCbot.worm! — are "often copy and paste jobs" created using source code distributed online.

PatchLink's Andrew agreed: "There are documented materials available that show you how to do the hacks. It is hardly surprising that there are a whole bunch of [Zotob] variants".

American Express, Visa, Holden and Boeing are just some of the Australian-based companies that suffered from Zotob infections this week. In the UK, the Financial Times was hit.

As part of its monthly patching cycle, Microsoft last Tuesday released a number of security updates, including the now infamous MS05-039, which fixed a critical vulnerability in Windows 2000. Within days, exploit code was being distributed and on Sunday the first Zotob worm was discovered in the wild.



Full Talkback thread

1 comment

  1. It was also a slow-moving MS worm. Sapphire used... Olav Petri
