Worms: RBOT & ZOTOB

Yesterday around 4:30 PM I turned the TV to CNN. The red breaking news banner was on the screen. Wolf Blitzer was interviewing someone and seemed quite excited. CNN had been struck by a computer worm in their Atlanta, New York and part of their Los Angeles news bureaus. They were reporting that ABC and The New York Times had also been affected. There was continuous coverage of the story until about 5:20. Wolf Blitzer remained. Apparently the attack was so severe that Lou Dobbs was not able to take over at 5:00 PM. CNN interviewed a representative of Trend Micro which makes PC-cillin anti-virus software that I have on my PC. Trend Micro had discovered the Zotob worms over the weekend and PC-cillin was able to protect against it. He said they had detected a new worm, which was later named Rbot, and would have the virus pattern available within a couple of hours. Trend Micro has very good information available online as new security threats develop: Security Information.

As I listened to the report, I learned that the worm was hitting primarily systems running Windows 2000 and versions of Windows XP without the service packs. The more I thought about this situation it did not make a great deal of sense. On August 9 Microsoft issued patches that were supposed to prevent this attack. The bad guys had jumped on the vulnerability that Microsoft had reported and created the Zotob and Rbot worms. If the patches really could have prevented this attack, why had the IT groups of the affected organizations failed to patch their computers? On the other hand was Microsoft telling the truth about the effectiveness of their patches? Either way it sounded like a very bad situation.

At 9 PM I tuned into CNN’s NewsNight with Aaron Brown. The attack was still the number one story. The first twenty minutes of the program were devoted to the story. Kevin Minnick, the former computer hacker and convicted felon who has now turned into a security consultant, was a guest on the show. He suggested that the worm may have been brought into the corporate networks by employees that have unprotected notebook computers that they use at home and on the road. This is a link to CNN’s latest take on the story: Worm strikes down Windows 2000 systems. It will take more time for the full story to be revealed, but for now all I can do is make sure I have the latest updates.