A large number of international publications have issued information about a virus that has infected the networks of many major corporations and caused the biggest epidemic of the year. According to broadcast reports, CNN, ABC News, the NY Times and the US Congress have been affected. Other publications, including the Russian media, have reprinted this information. There is some confusion as to what is actually happening, and as to the name(s) of the virus.
We have established that the media are describing an incident caused by a worm, which has the following names:
· Zotob.e (Symantec)
· WORM_RBOT.CBQ (Trend Micro)
· IRCBot.Worm (McAfee)
· Tpbot-A (Sophos)
· Net-Worm.Win32.Bozori.a (Kaspersky Lab)
· Zotob.d (F-Secure)
Kaspersky Lab was among the first antivirus companies to detect this virus, and an urgent update was issued at 01:50 Moscow time (GMT+4), today (17 August 2005). It should also be noted that the Virus Laboratory did not receive notification from either Russian or overseas users about infections caused by this worm. There has not been any noticeable increase in network activity which could be ascribed to this worm. During the Sasser epidemic in May 2004, which some publications are using as a comparison for Bozori.a, Sasser caused an increase in network traffic of approximately 20% to 40%. At the moment, there are no signs of a similar increase.
This worm exploits the Plug and Play vulnerability in Microsoft Windows (MS05-039), for which a patch was issued on 9 August 2005. The patch can be downloaded from Microsoft's site.
Since the patch was issued, approximately 10 malicious programs which exploit this vulnerability to spread have been detected. These include three Mytob variants (.ce, .cf, .ch), which some antivirus companies called Zotob. The media has published information about these, some of which appears to be speculation not supported by any factual evidence of an epidemic. Several Trojan .bot programs have also been detected, from the Rbot and IRCBot families. None of these .bots have caused any significant epidemic.
Kaspersky Lab has no concrete information from users confirming infection by Bozori.a. This and the other facts given above would seem to confirm that at the moment, there is no epidemic.
-----------
About Kaspersky Lab
Kaspersky Lab is a world leader in content security, developing products that protect against viruses, spyware, hackers and spam. Founded in 1997, Kaspersky Lab Inc operates from nine regional offices and in cooperation with partners in more than 50 countries around the world. Wherever you are, Kaspersky Lab protects your network, servers, PCs, PDAs and smartphones. Kaspersky Lab is a proven fighter against viruses and always responds proactively to new threats. The international virus research team continuously adds to the collection and develops antivirus tools. Kaspersky Lab is known for its rapid response to new virus threats, and our technologies have earned many awards.
Press contact
Kaspersky Lab Benelux BV
Martijn van Lom - Sales Manager
martijn@kaspersky.nl
Roel Schouwenburg - Senior research engineer
roel@kaspersky.nl
Havensingel 1A
5211 TX 's-Hertogenbosch
Phone: +31 (0)736 154 860
Fax: +31 (0) 736 121 830
www.kaspersky.nl