Small Business Ideas Forum

Old 17th August 2005, 09:52 AM   #1
techgrrl
Member
 

Join Date: Aug 2005
Location: Israel
Posts: 12
Exclamation New Virus Loose

Hi All,

I am new in the forum, but bring bad news (not a good way to start eh?). A new virus is now circling online, infecting computers through a WinXP/2K flaw.

Read more about it here:
http://www.securityfocus.com/news/11281

My advice - install a firewall.

Old 17th August 2005, 10:11 AM   #2
Robert
Administrator
 
 

Join Date: May 2004
Location: Houston, TX
Posts: 3,463

Default

Welcome to the forum, techgrrl!

__________________
Small Business News - You've never seen small business news delivered like this!
Free Business Forms - Download free business forms you can customize
Old 18th August 2005, 12:56 PM   #3
StupidScript
Administrator
 
 

Join Date: Jul 2004
Location: Los Angeles
Posts: 604
Default

Welcome aboard, techgrrl!

BTW, technically, Zotob is a "worm", not a "virus".

A virus is distributed via a launching mechanism, such as an infected email attachment or image file, and depends on the target user taking some action, like opening the attachment or viewing the image.

A worm does not need any help. Zotob, like other worms, simply spreads itself using information about its host's network address. Zotob, in particular, installs a little independent FTP server and then sends and receives its compatriot nasty program files by reaching out to other IP addresses within the "B-class" block (255.255.0.0) that the host address is using. When it finds a vulnerable system within those addresses, it installs its FTP program and keeps going.

Zotob reaches out beyond the B-class network using IRC channels.

As a quick helper, for those of you who are affected, one of your problems is that you can no longer connect to Symantec or McAfee or Microsoft or Sophos or any other well-known anti-virus site so you can download a patch. This is one of the things Zotob does, but it's easy to get around, at least until you reboot.

If infected with Zotob, go into your Windows directory and look for a file named simply "hosts". If you open hosts in a text editor, you will see a whole bunch of entries for various anti-virus companies in there, all followed by the IP address "127.0.0.1". Since Windows looks to the hosts file to help it figure out which special domain resolves to which IP address, the hosts file (as modified by Zotob) is basically telling your computer that all roads to anti-virus websites lead back to your computer.

Delete all of the entries in hosts (Select->All ... Delete), save the file (there's no file extension) and launch your web browser to download your patch from your favorite anti-virus site. Once installed, DISCONNECT the cable that connects you to your ISP to keep Zotob from spreading while you kill it. Run a deep scan on your system to clean out the Zotob nasty files and kill the processes it is using to spread itself.

Then (right away) go to Windows Update and install the three security patches that will keep Zotob from reinfecting your system.

Have fun! (Go Linux!)

More info on Zotob-A from F-Secure

<edit>
Oops! More fun ... Today (Aug.18) Microsoft is investigating ANOTHER critical flaw in its browser (demonstrated with MSIE6 and a fully-patched Windows XP SP2 system). While you're downloading the Zotob security patches, be sure to pick up the new patch MS will be making available to thwart this new hack. If it's not up there, yet, go back to Windows Update every few hours to look for it and install it. It seems this exploit is targeted at machines with MS Visual Studio installed, however some of the target files are also included with Windows XP SP2. Read more ...
</edit>

__________________
James Butler - "Do no weevils"
JamesButler.net
MusicForHumans.com

Last edited by StupidScript; 18th August 2005 at 01:03 PM.
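The hosts-file tampering described in the post above can be checked for mechanically. The following is an added example, not part of the original thread: it parses hosts-file text and reports watched anti-virus or update domains mapped to a loopback address. It goes slightly beyond the post by also flagging 0.0.0.0, and the sample file, host names and watch list are constructed assumptions.

```python
import ipaddress

# Constructed sample modelled on the tampering described in the post. The
# host names are illustrative assumptions, not a list taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1   www.symantec.com
127.0.0.1\tsecurityresponse.symantec.com  liveupdate.symantec.com
127.0.0.1   www.mcafee.com   # trailing comment
0.0.0.0     update.microsoft.com
192.0.2.10  intranet.example.test
127.0.0.1   WWW.SOPHOS.COM
"""

# Assumed watch list: base domains of the vendors named in the post.
WATCHED = ("symantec.com", "mcafee.com", "microsoft.com", "sophos.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def find_blocked_vendors(text, watched=WATCHED):
    """Return mappings that send a watched domain to a non-routable address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched_name = any(name == d or name.endswith("." + d) for d in watched)
        if sinkholed and watched_name:
            hits.append((line_no, str(ip), name))
    return hits


if __name__ == "__main__":
    for line_no, ip, name in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {name} -> {ip} (blocked)")
```

To check a real machine, pass the contents of its hosts file to `find_blocked_vendors`; the legitimate `localhost` entry is never reported because it is not on the watch list.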
Old 18th August 2005, 04:10 PM   #4
StupidScript
Administrator
 
 

Join Date: Jul 2004
Location: Los Angeles
Posts: 604
Default

As a public service, I have placed the updated Microsoft AntiSpyware tool on my server for anyone to download, in case you can't get to the Microsoft site but can still get online.

Here it is. Download and run it to remove Zotob variants.

I promise, it's a clean file.

I'm only going to leave it up there until the end of today, so git ta patchin'!

<edit>
Oops! More fun ... I just received notice from Sophos that Zotob.F and Zotob.G are now running around out there. These aren't included in the updated MS AntiSpyware, so get cleaned up and keep an eye on Windows Update for more.

ALSO: Set up your firewall (WinXP => Network Connections => Advanced) to block anything coming in through "port 445", which is the primary attack vector for Zotob under the "Plug-n-Play" exploit it uses.
</edit>

__________________
James Butler - "Do no weevils"
JamesButler.net
MusicForHumans.com

Last edited by StupidScript; 19th August 2005 at 12:50 PM.
Old 18th August 2005, 10:45 PM   #5
kiasu
Member
 

Join Date: Aug 2005
Posts: 1
Thumbs up

Thanks StupidScript

Old 23rd August 2005, 02:38 AM   #6
techgrrl
Member
 

Join Date: Aug 2005
Location: Israel
Posts: 12
Default Technicalities...

Worm, virus worm... to me it's the same. It's a piece of code that does damage. In Hebrew a worm is called a worm virus, or a virus for short. So out of habit I call any malicious code a virus. Sorry about that.

Old 23rd August 2005, 07:24 PM   #7
StupidScript
Administrator
 
 

Join Date: Jul 2004
Location: Los Angeles
Posts: 604
Default

No trouble, techgrrl.

I find it useful to separate the different kinds of attacks because it helps me figure out how to deal with them and to decide how frenzied I should be about them. Viruses are nothing unless one does something ill-advised. Worms are dangerous regardless of how careful one is.

__________________
James Butler - "Do no weevils"
JamesButler.net
MusicForHumans.com
Old 24th August 2005, 03:10 AM   #8
techgrrl
Member
 

Join Date: Aug 2005
Location: Israel
Posts: 12
Default

Quite true, which is why I think people and small businesses in particular should invest more time and money in keeping their network safe.

All times are GMT -5.