Risk: Informational
Are we approaching Zero-Day Exploit?
Just five days after the first warning from Microsoft, a worm called Zotob appeared that exploited that vulnerability. On 9 August, Microsoft released critical security advisory MS05-039 which revealed a vulnerability in the Plug-and-Play component of Windows 2000. Code to patch the security hole was also made available.
The New York Times, CNN, ABC News and heavy plant maker Caterpillar all had computer problems caused by a family of the malicious worms. In the UK the Financial Times was struck.
Now there are nine viruses, some variants of the Zotob worm, that exploit the security hole in a variety of ways.
"We are seeing the time lessen between vulnerability and exploit," said Sal Viveros, security expert at McAfee. "It used to take months."
Research firm AssetMetrix reports that Windows 2000 is still the most dominant version of Windows used in large firms. More than 50% of desktops in companies with more than 250 computers run the program.
Net monitoring firm Netcraft said the worms were having no effect on the websites of large firms that run on Windows 2000. Only users of Microsoft Windows 2000 operating system are likely to be vulnerable to the family of bugs.
The symptom of infection by the Zotob bug and its variants is continuous restart of the computer; this is in contrast to many other worms which can infect computers often without their owner's knowledge.