Mailinglist Archive


CRYPTO-GRAM: The Zotob Worm
From: Joe Klemmer
Date: Tue, 15 Nov 2005 07:38:11 -0500

[If you aren't subscribed to CRYPTO-GRAM you should be.  It's one of the
foremost publications on security in the world.  Please pass this on to
as many places as you see fit (the 53L would be a good one).  -  jjk]


The Zotob Worm

If you'll forgive the possible comparison to hurricanes, Internet 
epidemics are much like severe weather: they happen randomly, they 
affect some segments of the population more than others, and your 
previous preparation determines how effective your defense is.

[...]

The worm started spreading on Sunday, 14 August. Honestly, it wasn't 
much of a big deal, but it got a lot of play in the press because it 
hit several major news outlets, most notably CNN. If a news 
organization is personally affected by something, it's much more likely 
to report extensively on it. But my company, Counterpane Internet 
Security, monitors more than 500 networks worldwide, and we didn't 
think it was worth all the press coverage.

By the 17th, there were at least a dozen other worms that exploited the 
same vulnerability, both Zotob variants and others that were completely 
different. Most of them tried to recruit computers for bot networks, 
and some of the different variants warred against each other -- 
stealing "owned" computers back and forth. If your network was 
infected, it was a mess.

http://www.schneier.com/crypto-gram-0511.html