Utrecht, 17 August 2004 - Trend Micro, Inc. (TSE: 4704, NASDAQ: TMIC), a leader in network antivirus and Internet content security software and services, has declared a Medium Risk alert to control the spread of WORM_ZOTOB.D and WORM_RBOT.CBQ. According to Joe Hartmann, director of anti-virus research at Trend Micro, the Zotob virus has already hit several media organizations including CNN, ABC News, New York Times and the Financial Times.
Since Microsoft's announcement of the "Plug-and-Play" (MS05-039) vulnerability late last week, malware writers have been working overtime to exploit the vulnerability, before users have a chance to patch their machines.
Security experts at antivirus and content security firm Trend Micro discovered six new "bots" - which are worms that have the capability to propagate via a network of "zombie" computers, which have been infected without the user's knowledge.
According to Joe Hartmann, Director of the Anti-Virus Research Group at antivirus and content security firm Trend Micro, there are multiple variants from multiple authors. "We are seeing several new variants of ZOTOB, as well as other bots, which all use the same exploit code," says Hartmann. "They all have the same core functionality, but have added new code functionality, such as a mass mailer, which we saw with ZOTOB.C yesterday. This can lead to faster and more widespread proliferation around the world."
Security experts add that this is common among malware writers. The original exploit code is written and posted to a public Internet site, then the other writers append additional functionality, such as more advanced seeding and propagation techniques, to make the malware more pervasive.
As of this writing, the six active worms are:
* WORM_ZOTOB.C
* WORM_ZOTOB.D
* WORM_RBOT.CBQ
* WORM_RBOT.CBR
* WORM_SDBOT.BZH
* WORM_DRUDGEBOT.A
Security experts at Trend Micro recommend that users take the following measures to protect against these and other attacks:
* Ensure your system is patched with the most current Microsoft system update.
* Ensure your antivirus definitions are kept up to date. To remove the manual burden of doing this, most antivirus companies offer an automated update option within their security product.
* Trend Micro offers HouseCall, a free virus scanning service, available at http://housecall.trendmicro.com. Existing Trend Micro PC-cillin customers can also utilize the network virus wall and vulnerability assessment modules*, which are built into the product, to help keep their system up to date.
* The Network Viruswall (NVW) pattern stops this worm from spreading throughout the network and infecting other machines. A network that is protected by the NVW pattern is assured that any instance or presence of the code at the network layer is immediately filtered out before it causes any damage.
The Vulnerability Assessment (VA) pattern detects all machines in the network that have not yet been patched against the vulnerability used by these worms. Hence, system administrators can immediately be notified of the machines that must be protected against these attacks, and proper steps can be taken to assure that damage is not magnified on the network scale.
-------------
About Trend Micro, Inc.
Trend Micro, Inc. is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate and value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit our Web site, www.trendmicro.com.
For more information:
Lammers van Toorenburg Benelux PR
Anja Breunis
Tel: 030 6565 070
E-mail: anja@lvtpr.nl