ZOTOB worm spreading quickly across the nation this hour. seems to be exploiting Windows 2000 95 98 ME and XP.

Zotob.A is a worm targeting Windows 2000–based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm installs malicious software, and then looks for other computers to infect.

Important If you have installed the update released with Security Bulletin MS05-039, you are already protected from Zotob.A. If you are using any supported version of Windows other than Windows 2000, you are not at risk from Zotob.A.

As part of our Software Security Incident Response Process, our investigation has determined that only a small number of customers have been affected, and Microsoft security professionals are working directly with them. We have seen no indication of widespread impact to the Internet. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site (http://www.ifccfbi.gov/). Customers outside of the United States should contact the national law enforcement agency in their country.

http://www.microsoft.com/security/images/actionstotake.jpg http://www.microsoft.com/security/images/1.gifCheck for Infection

When Zotob.A infects a computer, it attempts to deliver a malicious file named Botzor.exe. If your computer is infected, this file will be present and your registry will show changes. Use any of the following methods to check for infection. (If you find the file, you do not need to check the registry, and vice versa.)

Search your computer for the Botzor.exe file

1.

Click Start, point to Search, and then click For Files and Folders.

2.

Click Use Advanced Search Options. Under Search by any or all of the criteria below, enter the following information:

A. Under All or part of the file name: enter Botzor.exe.

B. Under Look in: click Local Hard Drives.

C. Under More Advanced Options, select Search system folders and Search hidden files and folders.

3.

Click Search.

Look for new keys added to the registry

•In registry key HKLM\Software\Microsoft\Windows\
CurrentVersion\Run added value WINDOWS SYSTEM with data of botzor.exe

•In registry key HKLM\Software\Microsoft\Windows\
CurrentVersion\RunServices added value WINDOWS SYSTEM with data botzor.exe

http://www.microsoft.com/security/images/2.gifIf Your Computer Is Not Infected

Help protect your computer against Zotob.A by installing Security Update 899588. Find the download link for your version of Windows in Microsoft Security Bulletin MS05-039 (http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx).

If Your Computer Is Infected

Follow the Zotob.A recovery steps in the Microsoft Antivirus Encyclopedia (http://www.microsoft.com/security/encyclopedia/details.aspx?name=Worm:Win32/Zotob.A#Recovery).

Thanks, Mickey!

Yeah, thanks for the heads up, ML. :)

both WDW and DLR computers were hit today. "the office" was down for several hours this morning. though, i do NOT know if it was related to this virus.

In some reports I have read on this virus, worm, if you have XP and have SP2 installed, you have no worries.

Download those Windows updates, folks. Either make sure your automatic updates are running, or head to the Microsoft update site (http://g.msn.com/mh_mshp/98765?http://update.microsoft.com/microsoftupdate/&&HL=Microsoft+Update&CM=Navigation&CE=productResources)

In some reports I have read on this virus, worm, if you have XP and have SP2 installed, you have no worries.You're also okay if you are happily working on a Mac

Not to rub it in or anything

Yay for the underdogs ;) My Mac saves me many a worry.

My FreeBSD machine is perfectly safe as well... :p

You're also okay if you are happily working on a Mac

Not to rub it in or anything

Yup...I've been smoothly surfin the net with no antivirus, no spyware protection, and no firewall (except for the one bulit into my router) for over a year with no problems. Gotta love it!

this worm (thanks Name) hit both Anaheim and Orlando resorts in a big way!

let me add to the above post that only Networked office computers have been affected at the resorts by the worm.

let me add to the above post that only Networked office computers have been affected at the resorts by the worm.

Ok, so was it you who ate the worm then? Those Disney office parties are getting wilder every year...

let me add to the above post that only Networked office computers have been affected at the resorts by the worm.Whew... that takes a load off my mind.

I was deeply concerned that the FastPass® system was down.

Or the Big Thunder Ride Control system ;)

Or the Big Thunder Ride Control system ;)No; that was actually hit by the "Red Long John Virus"

WKMG: Computer Worm Hits Disney Computers, Locks Reserva
Computer worm briefly locked up reservation systems at Walt Disney World and Disneyland. Also impacted ABC, CNN, The Associated Press, The New York Times and Caterpillar Inc.
Full Story (http://www.local6.com/technology/4864146/detail.html)

up and running, but, debugging continues

briefly... more like several hours

WKMG: Computer Worm Hits Disney Computers, Locks Reserva
Computer worm briefly locked up reservation systems at Walt Disney World and Disneyland. Also impacted ABC, CNN, The Associated Press, The New York Times and Caterpillar Inc.
Full Story (http://www.local6.com/technology/4864146/detail.html)

up and running, but, debugging continues

briefly... more like several hours
What's the big idea of staying on topic when we're busy trying to derail it?!?