We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Windows XP vulnerable to Zotob virus

Small, but real, risk

PCs running a certain configuration of Windows XP could be vulnerable to attack from the Zotob worm that ran riot on Windows 2000 systems last week, Microsoft has said.

In a clarification issued on Tuesday, Microsoft said that PCs running Windows XP Service Pack 1 are also at risk if a filesharing feature called ‘Simple File Sharing and ForceGuest’ is enabled. The company hadn't seen any attacks trying to exploit this scenario as of Tuesday, it said.

Zotob made headlines last week when it infected systems around the world, including PCs at Time Warner's CNN news network. The virus, which has since appeared in more than a dozen variants, exploits a flaw in a plug-and-play feature of Microsoft's operating system and causes infected machines to continually reboot, among other effects.

Security experts have called it the worst virus outbreak so far this year, although the rate of infections has been falling since late last week as more users patch their systems.

"It's definitely going down all the time," Mikko Hypponen, chief research officer at antivirus company F-Secure, said in an interview yesterday.

Most Windows XP users have probably upgraded to Service Pack 2 by now, so the risk to XP machines is probably not very significant, Hypponen said. But he added that there are now more than a dozen variants of Zotob, at least one of which is spreading via email, which makes it easier for the virus to get behind corporate firewalls. Users are advised to install the patch Microsoft issued two weeks ago and keep their antivirus definition files up to date.

Microsoft acknowledged in its original security bulletin that some Windows XP machines could be at risk, as well as systems running some versions of Windows Server 2003. But to exploit those operating systems a virus writer would need a valid user login, making those systems less vulnerable.

On Tuesday, Microsoft updated its guidance. For machines that are not joined to a network domain - which is likely with most home users - and where the Simple File Sharing Feature is enabled, other users can access those PCs using a ‘guest account’, for which a login is not required. That makes those systems vulnerable to Zotob.

The clarification is at www.microsoft.com/technet/security/advisory/906574.mspx

The original bulletin is at www.microsoft.com/technet/security/Bulletin/ms05-039.mspx

Hypponen has written a personal account of the Zotob outbreak on F-Secure's blog at www.f-secure.com/weblog/


IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback