Virus Alert FWIW

Dudley D. Doright f16rsdad at JUNO.COM
Wed Aug 17 11:05:20 MDT 2005

   - ORANGE VIRUS ALERT: The Zotob and IRCBot worms are perpetrating 
a large scale combined attack against companies and users around the
      - Virus Alerts, by Panda Software ( )

Madrid, August 17 2005 - According to data from PandaLabs, new variants
of the Zotob and IRCBot worms continue to appear, confirming the
intention of the creators to spread numerous malicious codes across the
Internet, increasing the probability of computers being affected by one
of them. Given this situation, the company has declared an Orange virus
alert status.

"The creators of these malicious codes want to exploit, as quickly as
possible, the recently discovered Plug and Play vulnerability in Windows.
To achieve this they will try to catch users unaware by spreading as many
variants as possible. In this way, even if users have just updated their
antivirus software, it is quite possible that new variants, not included
in the update, could enter their systems", explains Luis Corrons,
director of PandaLabs. "The solution against this type of attack involves
having proactive technologies which can detect malware by themselves with
no need for previous updates. Our TruPreventTM technologies have blocked
all these new worms, so systems with these installed have been protected
from the outset."   

The main characteristic of these worms is that they are designed to
exploit the Plug and Play vulnerability, chiefly affecting Windows 2000.
This means they are able to install themselves directly on a computer
from the Internet, without the need to use propagation channels such as
email and without needing users to run the infected file. Once this is
done, they create a backdoor in the system that allows an attacker to
take remote control of the computer. Because Windows 2000 is a platform
widely used across corporate environments, businesses are more
susceptible to infection from any of these new examples of malware.
According to Netcraft, 18 of the Fortune 100 companies and 36 of the FTSE
companies have this Microsoft operating system installed. 

In fact, media companies such as CNN, ABC and The New York Times, as well
as the US Congress and the company Caterpillar have already felt the
effects of these malicious codes. Nevertheless, bearing in mind that new
variants of Zotob and IRCBot could continue to appear, this list could
increase if the necessary measures are not taken.

However, home users must keep their guard up as well, as the
vulnerability also affects Windows XP. Although on this platform certain
conditions must be met in order for the vulnerability to be exploited. 

For users to protect themselves against these new malware specimens,
Panda Software advises users to download and install the update provided
by Microsoft -at to fix
vulnerability. To prevent these new variants of Zotob or IRCBot from
affecting your computer, Panda Software recommends keeping antivirus
software up-to-date. Panda Software clients can already access the
updates to detect and disinfect these new malicious codes.

Panda Software clients that don't yet have TruPreventTM Technologies
already have the updates available to install them along with their
antivirus and ensure they have preventive protection against unknown
viruses and intruders such as Zotob or IRCBot. For users with a different
antivirus program installed, Panda TruPrevent(tm) Personal is the perfect
solution, as it is both compatible with and complements these products,
providing a second layer of preventive protection that acts while the
antivirus is updated, decreasing the risk of infection. More information
about TruPreventTM Technologies at

To help as many users as possible scan and disinfect their systems, Panda
Software offers its free, online anti-malware solution, Panda ActiveScan,
which now also detects spyware, at Webmasters
who would like to include ActiveScan on their websites can get the HTML
code, free from

Panda Software also offers users Virus Alerts, an e-bulletin in English
and Spanish that gives immediate warning of the emergence of potentially
dangerous malicious code.  To receive Virus Alerts just visit Panda
Software's website (
and complete the corresponding form.

More information about these and other threats is available in Panda
Software's Encyclopedia at:

NOTE: The addresses above may not show up on your screen as a single
line. This would prevent you from using the link to access the web page.
If this happens, just use the 'cut' and 'paste' options to join the
pieces of the URL.

To unsubscribe from Virus Alerts, please visit:

To contact with Panda Software, please visit:
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Rushtalk mailing list