New Worm, M$ Users, Be Warned! - WORM_ZOTOB.D and WORM_RBOT.CBQ

whafizi
A new virus is emerging. Microsoft users, be alerted! This is one of the reasons why I don't really like M$ stuff, but still, I need it very much despite its problems.
QUOTE
Dear Trend Micro customer,

As of August 16, 2005 5:12 PM (Pacific Daylight Time; GMT-7:00),
TrendLabs has declared a Medium Risk Virus Alert to control the spread of
WORM_ZOTOB.D and WORM_RBOT.CBQ. TrendLabs has received several infection
reports indicating that this malware is spreading in Brazil and the
U.S.A.

WORM_ZOTOB.D is a memory-resident worm that drops a copy of itself in
the %System%\wbev folder as WINDRG32.EXE.

(Note: %System% is the Windows system folder, which is usually
C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT
and 2000, or C:\Windows\System32 on Windows XP.)

It takes advantage of the Microsoft Windows Plug and Play vulnerability
to propagate across networks. For more information regarding this
vulnerability, refer to the Microsoft Security Bulletin MS05-039 found in
the following Web page:

http://www.microsoft.com/technet/security/...n/ms05-039.mspx

(Note: This propagation routine works only on NT-based systems (Windows
NT, 2000, XP, and Server 2003), because the Microsoft Windows Plug and
Play vulnerability exists only on these platforms.)

It also has backdoor capabilities, and may execute commands coming from
a remote malicious user.  This provides remote users virtual control
over affected systems, thus compromising system security.

As a form of an anti-debugging technique, this worm also gathers Web
sites from RSS feeds, then randomly sends these sites as messages in the
IRC channel it is connected to. It does this in order to confuse or
mislead anyone who is monitoring the IRC channel from the real IRC
commands it issues.

================

WORM_RBOT.CBQ is a memory-resident worm that drops a copy of itself in
the Windows system folder as WINTBP.EXE.

This worm also takes advantage of the Microsoft Windows Plug and Play
vulnerability to propagate across networks. This propagation routine
works only on Windows NT and 2000, as the Microsoft Windows Plug and Play
vulnerability exists only on these platforms.

This worm also connects to an IRC server, joins a specific channel and
then sends the following messages:

• {Random} :ER DL FH
• {Random} :ER DL IF


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 183
Official Pattern Release 2.787.00
Damage Cleanup Template 638


For more information on WORM_ZOTOB.D and WORM_RBOT.CBQ, you can visit
our Web site at:
http://www.trendmicro.com/vinfo/virusencyc...me=WORM_ZOTOB.D
http://www.trendmicro.com/vinfo/virusencyc...e=WORM_RBOT.CBQ


I'm sure this virus is able to penetrate every PC using an M$ OS, even though its security has been updated regularly. The only ones who are safe are the people who use an extra firewall, software or hardware.

Notice from KuBi:
Changed title from "virus" to "worm". This is a worm, not a virus. Also, to see a more in-depth description of this worm, please refer to my thread here

Reply
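
An added example, not part of the original thread or of the TrendLabs alert: a Python triage sketch that looks for the two dropped file names named in the alert under each %System% location it lists, and flags chat-log lines that end in the two IRC messages it quotes. The function names, the offline-root argument and the log-line layout are assumptions made for illustration.

```python
import os
import re
import sys

# File indicators from the quoted alert, relative to %System%.
DROPPED = {
    "WORM_ZOTOB.D": ("wbev", "WINDRG32.EXE"),
    "WORM_RBOT.CBQ": ("WINTBP.EXE",),
}
# %System% locations listed in the alert's note (95/98/ME, NT/2000, XP).
SYSTEM_DIRS = (("Windows", "System"), ("WINNT", "System32"), ("Windows", "System32"))
# The alert gives the messages as "{Random} :ER DL FH" / "{Random} :ER DL IF".
# Assumption: only the fixed trailing text is stable, so match on that alone.
IRC_MARKER = re.compile(r":ER DL (?:FH|IF)\s*$")


def resolve_ci(base, parts):
    """Walk `parts` below `base`, matching each name case-insensitively.

    Windows names are case-insensitive, but a disk image mounted on another
    OS usually is not, so a plain os.path.exists() could miss a copy.
    """
    current = base
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def scan_files(root):
    """Return [(family, path)] for dropped copies found under `root`.

    `root` is a drive root such as C:\\ or the mount point of an offline image.
    """
    hits = []
    for sys_parts in SYSTEM_DIRS:
        sys_dir = resolve_ci(root, sys_parts)
        if sys_dir is None:
            continue
        for family, rel in DROPPED.items():
            path = resolve_ci(sys_dir, rel)
            if path and os.path.isfile(path):
                hits.append((family, path))
    return hits


def scan_irc_log(lines):
    """Return [(line_number, text)] for log lines ending in either message."""
    return [(n, line.rstrip()) for n, line in enumerate(lines, 1)
            if IRC_MARKER.search(line)]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for family, path in scan_files(target):
        print(f"{family}: {path}")
```

A hit on the file names alone is a lead for further analysis rather than a verdict, since a file name can be reused by unrelated software.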

msdeeva
Thanks for the heads up. Man, I hate M$. If I wasn't so lazy, and had more time, I'd learn how to use Linux.

Reply

x32fzw
^ I agree with the above ^

My PC-Cillin (Trend Micro) subscription just ran out.... great timing!!

I have lots of extra security... though I've never had a problem
Usually Windows is quite happy to kill itself sometimes.

Yay to M$! It's always the target for everything!
Mostly because Linux users know how to avoid viruses etc...

Reply

bureX
Or... You could just use Windows Update!

I updated my computer a few days ago and I noticed a hotfix that repairs that (already mentioned) Plug & Play vulnerability in Windows XP. So, most viruses actually come through Windows vulnerabilities and other security holes... The other way is from you opening potentially infected files without an antivirus, or with an antivirus that hasn't been updated for a long time.

So, use Windows Update and don't be too quick with those double-clicks! (Or just install Linux)

Reply

wariorpk
Greedy computer companies. They release software before it is developed and now look what happens. We get virus alerts every week or so. So what if they can get the program on the shelves faster. More people will buy it if it is safer.

Reply

Brionne
Oh my, Microsoft really needs to brush up on their security levels I mean seriously. We give the money and we get crappy service in return. I've never figured out how to use Linux and I doubt I'd be able to. xD

Reply

Kubi
Actually, the only people who can get the *WORM* are Windows 2000 people, those are the people who will accidentally give the *WORM* to other people. The only thing you need to do to prevent this *WORM* is set up a firewall and virus protection. To read a more in-depth report of this *WORM* please read my thread; http://www.trap17.com/forums/index.php?act...t=0#entry175715

Reply

Hamtaro
Well, I have Anti-Virus software and a Firewall (all which work well!), so I guess I'm pretty much safe from this. I'm also going to be switching to Linux (which I hope will be worth the trouble of downloading). Anyway, I hate how people are making these worms and all that! It's so annoying, and it (sometimes) wrecks people's systems. Oh well, at least there are fixes for this type of stuff.

Reply

Revolutionary.
Ick, I just recovered from Alcan.A and I thought it was bad. This is a ton worse, I just had to clear the registry and delete a few .com files and MSCONFIGS....and I thought it was pretty hard.

I really need to learn more about this, I'm going to go read a bit.

Reply

Darker333
I have the virus contained in my PC and I already programmed a cure against it. If anyone finds this on their machine, open it with text document and go down to line 5567. 40 Characters to the right, type in this:

3fg2gfk

Once you do this, the virus will automatically initiate a self-destruct once detected. This is just a missing line of code that was removed to make sure the virus would be effective!

Or you can just not download any misc. files from the internet. Works for me just great

If the instructions above don't work, then just don't do anything with the virus. In fact, make sure virus scanner does not auto detect!

Peace out,
Darler333

Reply

Latest Entries

icemarle
Worm wars? Sheesh. People making things to destroy computer systems just do it for power and fun. They don't care about the people they send the worms to. To think they do this to show off while causing much anguish and hair ripping madness to the infected people. *aaagh!* Then again, it's inevitable... but I still wonder why those people get lives and do something more productive?

With their skills, they should be doing helpful programs and stuff... Just seeing them go to waste also makes me more annoyed.

Worm, trojan and virus makers should really get lives. It's really stupid, what they're doing...

Reply


