The Internet Storm Center Raises Threat Level to Yellow
     - Sunday, August 14, 2005
UPDATE: SANS is now reporting the Zotob worm is in the wild and is using the bug fixed by MS05-039. The worm, now officially called Zotob.A, downloads and installs itself, then starts an FTP service and begins scanning for other machines with port 445 open. When it finds another unpatched machine, it uses the exploit on the remote machine and its new FTP service to infect the target machine.
The Internet Storm Center has reported that it is now tracking a significant new threat to the internet infrastructure, and has decided to turn the INFOCon threat indicator to Yellow. INFOCon is a four-color scale intended to quickly describe the current threat level. At the Yellow level, internet users are advised to take immediate, specific action to contain the impact.
Earlier in the week, Microsoft released a security bulletin regarding a vulnerability in its Plug and Play functionality that could allow remote code execution on any unpatched Windows system. The Internet Storm Center is reporting that there appear to be three live exploits already targeting this vulnerability.
Users with unprotected internet-facing Windows machines should consider those machines already infected. Microsoft considers the severity of these exploits critical, and has recommended that the patches be applied immediately.
The Microsoft Security Bulletin MS05-039 has complete details, including a list of affected software and download links to the patch updates.