This Virus/Worm may affect some of you

Valve Replacement Forums


Ross

As of August 16, 2005 5:12 PM (Pacific Daylight Time; GMT-7:00), TrendLabs has
declared a Medium Risk Virus Alert to control the spread of WORM_ZOTOB.D and
WORM_RBOT.CBQ. TrendLabs has received several infection reports indicating that
this malware is spreading in Brazil and the U.S.A.

WORM_ZOTOB.D is a memory-resident worm that drops a copy of itself in the
%System%\wbev folder as WINDRG32.EXE.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System
on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT and 2000, or
C:\Windows\System32 on Windows XP.)

It takes advantage of the Microsoft Windows Plug and Play vulnerability to
propagate across networks. For more information regarding this vulnerability,
refer to the Microsoft Security Bulletin MS05-039 found in the following Web
page:

http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

(Note: This propagation routine works only on NT-based systems (Windows NT,
2000, XP, and Server 2003), because the Microsoft Windows Plug and Play
vulnerability exists only on these platforms.)

It also has backdoor capabilities, and may execute commands coming from a remote
malicious user. This provides remote users virtual control over affected
systems, thus compromising system security.

As a form of an anti-debugging technique, this worm also gathers Web sites from
RSS feeds, then randomly sends these sites as messages in the IRC channel it is
connected to. It does this in order to confuse or mislead anyone who is
monitoring the IRC channel from the real IRC commands it issues.

================

WORM_RBOT.CBQ is a memory-resident worm that drops a copy of itself in the
Windows system folder as WINTBP.EXE.

This worm also takes advantage of the Microsoft Windows Plug and Play
vulnerability to propagate across networks. This propagation routine works only
on Windows NT and 2000, as the Microsoft Windows Plug and Play vulnerability
exists only on these platforms.

This worm also connects to an IRC server, joins a specific channel and then
sends the following messages:

• {Random} :ER DL FH
• {Random} :ER DL IF

I would suggest going to the Microsoft link, finding the download for your operating system, and installing the patch immediately.
 
hensylee said:
CNN said it would hurt Windows XP only. Not Win 98. That so?

The Microsoft link that Ross provided said that 98 is not affected by it.
 
hensylee said:
CNN said it would hurt Windows XP only. Not Win 98. That so?

Non-Affected Software:

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
 