Zotob Computer Virus

Introduction

Every day brings new threats against our computers. Recently, a new computer threat has appeared: the Zotob computer virus. There are many variants of this threat, named Zotob.A, Zotob.B, and so on up to Zotob.H. It may also show up under different names, such as Worm.Bozori. This threat is especially dangerous to machines running Windows 2000, and can also infect computers with Windows NT, Windows XP SP2, and Windows Server 2003. It opens a communications backdoor on your computer, allowing the attacker to do almost anything to your PC.

Technical Information

Microsoft's Security Bulletin MS05-039 describes a bug in Windows 2000 that allows remote code execution and elevation of privilege, and the Zotob virus (technically known as the Zotob worm) knows how to exploit it. Also known as Worm.Bozori, the Zotob worm attacks your PC from the internet without any user knowledge or interaction and tries to breach the Windows Plug and Play facilities in order to gain access. Windows 2000 is the only operating system that can be infected remotely, but it is believed that the other versions of Windows can be infected locally if you receive this threat by email and open the attachment.

Once your computer is infected, the Zotob worm opens a backdoor that gives the attackers easier access to your computer and lets them do anything they want with it, including:

  • Steal personal information
  • Turn your PC into an email zombie
  • Destroy your data

This worm may also try to spread itself over a network by attacking vulnerabilities in other machines, which will also slow your system.

Method of Infection

Infection by the Zotob worm may occur automatically if your Windows 2000 computer is connected to the internet and has no firewall or recent Windows security patches. Other versions of Windows can be infected, but only if you open an email attachment containing the virus, meaning they can only be infected locally, through user interaction.

Detection

This worm is called Zotob, Zotob.A through Zotob.H, or Worm.Bozori, and can be detected with popular, up-to-date anti-virus programs.

Summary

If your anti-virus software detects this infection and is unable to remove it, or if you think your computer is running slower than usual or crashing when it never used to crash, you may require a technician to help remove this and/or other threats. The Zotob worm will slow your PC and possibly introduce other threats if the attacker so desires. It can be a potentially serious threat, but only Windows 2000 users can be infected remotely.

If you think you have the Zotob virus, Zotob worm, Worm.Bozori, or any of the variants named in this article, an expert at support.com can remove it and clean your system.