THOMPSON

The Zotob worm and several variations (Rbot.cbq, SDBot.bzh and Zotob.d) infected a number of computers over the weekend.

The worms spread using the TCP/IP port 445, associated with Windows file sharing, and take advantage of the Plug and Play system bug to seize control of the operating system. The infected computers are then able to attack other systems. These viruses also disable the Windows Update service.
Microsoft released a “critical” patch for the vulnerability a week ago, highly recommended for computers running Windows 2000 operating systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature. Protective patches and instructions for cleansing infected systems are available on the company’s web site.