Protect your computer from Worm!
Tuesday, December 18th, 2007Worm Attack!
Yesterday I was attacked badly by the worm! It was one of the worst experience to me, even though I’ve about 9 years experience to fight with it. I’m here to share with you this bad experience and hope you protect your computer from this dangerous worm!
It was happen on yesterday morning. When I entered to my server room, I saw few of my Windows 2000 servers pop up a message as below:
The services.exe has been terminated unexpectedly with status code 128. Your system will now shutdown within 60 seconds.
Then the time counter start to count down and it restart by itself. It was happen all of sudden without any symptoms at all except my users are not able to access those shared folders.
Zotob, The Worm
After do a google search, found that this might caused by a worm named W32.Zotob.E. This worm was first released on August 2005 and its now upgrade its capability on February 2007. According to Symantec, this worm exploits Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445 and opens back door. The symptoms that they describe are almost the same with my servers.
But a very weird thing is my servers are already updated with windows 2000 service pack 4 and most of the security patches including the security patch that mentioned above. Further more, my norton antivirus which had the latest definition also not able to detect any worm or virus.
How to Protect? (more…)
Subscribe Me!
