-=PCTechTalk=- Trend Micro Medium Risk Virus Alert - WORM_ZOTOB.D and WORM_RBOT.CBQ

  • From: "David F. Wooledge" <wooledge001@xxxxxxxx>
  • To: accmail Juno <juno_accmail@xxxxxxxxxxxxx>, "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>
  • Date: Tue, 16 Aug 2005 19:25:39 -0700 (PDT)

Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Date: Tue, 16 Aug 2005 19:07:01 -0700
From: "Trend Micro Newsletters Editor" <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Trend Micro Medium Risk Virus Alert - WORM_ZOTOB.D and WORM_RBOT.CBQ
To: wooledge001@xxxxxxxxxxx

Dear Trend Micro customer,

As of August 16, 2005 5:12 PM (Pacific Daylight Time; GMT-7:00), TrendLabs has 
declared a Medium Risk Virus Alert to control the spread of WORM_ZOTOB.D and 
WORM_RBOT.CBQ. TrendLabs has received several infection reports indicating that 
this malware is spreading in Brazil and the U.S.A.

WORM_ZOTOB.D is a memory-resident worm that drops a copy of itself in the 
%System%\wbev folder as WINDRG32.EXE. 

(Note: %System% is the Windows system folder, which is usually 
C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT 
and 2000, or C:\Windows\System32 on Windows XP.)

It takes advantage of the Microsoft Windows Plug and Play vulnerability to 
propagate across networks. For more information regarding this vulnerability, 
refer to the Microsoft Security Bulletin MS05-039 found in the following Web 
page: 

http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

(Note: This propagation routine works only on NT-based systems (Windows NT, 
2000, XP, and Server 2003), because the Microsoft Windows Plug and Play 
vulnerability exists only on these platforms.)

It also has backdoor capabilities, and may execute commands coming from a 
remote malicious user. This provides remote users virtual control over affected 
systems, thus compromising system security.

As a form of an anti-debugging technique, this worm also gathers Web sites from 
RSS feeds, then randomly sends these sites as messages in the IRC channel it is 
connected to. It does this in order to confuse or mislead anyone who is 
monitoring the IRC channel from the real IRC commands it issues. 

================

WORM_RBOT.CBQ is a memory-resident worm that drops a copy of itself in the 
Windows system folder as WINTBP.EXE. 

This worm also takes advantage of the Microsoft Windows Plug and Play 
vulnerability to propagate across networks. This propagation routine works only 
on Windows NT and 2000, as the Microsoft Windows Plug and Play vulnerability 
exists only on these platforms. 

This worm also connects to an IRC server, joins a specific channel and then 
sends the following messages: 

? {Random} :ER DL FH 
? {Random} :ER DL IF 


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 183
Official Pattern Release 2.787.00 
Damage Cleanup Template 638 


For more information on WORM_ZOTOB.D and WORM_RBOT.CBQ, you can visit our Web 
site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.D
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ

Copyright 1989-2005 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
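
Added example (not part of the Trend Micro alert or of the list post): a Python sweep of collected file listings for the two dropped copies the alert names, %System%\wbev\WINDRG32.EXE and %System%\WINTBP.EXE. The host names and listings are constructed, and treating any folder named System or System32 as %System% is an assumption made so that non-default install locations still match.

```python
import ntpath

# Dropped copies named in the alert, relative to %System%.
DROPPED = {
    "WORM_ZOTOB.D": r"wbev\WINDRG32.EXE",
    "WORM_RBOT.CBQ": r"WINTBP.EXE",
}
# Folder names the alert's note gives for %System% (System on 95/98/ME,
# System32 on NT/2000/XP). Matching on the folder name rather than the full
# default path is an assumption made here, so relocated installs still match.
SYSTEM_DIR_NAMES = {"system", "system32"}

def _parts(path):
    """Normalise a Windows path and split it into lower-case components."""
    norm = ntpath.normcase(ntpath.normpath(path.strip().strip('"')))
    return [p for p in norm.split("\\") if p]

def classify(path):
    """Return the worm whose dropped file this path matches, else None."""
    parts = _parts(path)
    for worm, rel in DROPPED.items():
        tail = _parts(rel)
        n = len(tail)
        # The file must sit directly under a %System%-like folder.
        if len(parts) > n and parts[-n:] == tail and parts[-n - 1] in SYSTEM_DIR_NAMES:
            return worm
    return None

def sweep(inventory):
    """Map host -> sorted worm names for every host with a matching file."""
    hits = {}
    for host, paths in inventory.items():
        found = {w for w in map(classify, paths) if w}
        if found:
            hits[host] = sorted(found)
    return hits

# Constructed sample inventory (hypothetical host names and file listings).
SAMPLE = {
    "ws-01": [r"C:\WINNT\System32\wbev\WINDRG32.EXE", r"C:\WINNT\System32\cmd.exe"],
    "ws-02": [r"c:/windows/system32/wintbp.exe"],
    "ws-03": [r"D:\Tools\WINTBP.EXE", r"C:\Windows\System32\wbev\readme.txt"],
    "ws-04": [r'"C:\WINNT\system32\.\WBEV\windrg32.exe"', r"C:\WINNT\System32\WINTBP.EXE"],
}

if __name__ == "__main__":
    for host, worms in sorted(sweep(SAMPLE).items()):
        print(host, ", ".join(worms))
```

A file-name match is only a lead: confirm any hit with the vendor pattern release and check that the MS05-039 patch is installed on the host.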