W32.Zotob family of worms

August 14, 2005

W32.Zotob family of worms spread by exploiting the Microsoft Windows Plug and Play Service Vulnerability, as described in Microsoft Security Bulletin MS05-039. This worm targets Windows 2000/XP/2003 computers.

W32.Zotob.C@mm contains a mass-mailing component to spread itself via e-mail.

W32.Zotob can run on, but not infect, computers running Windows 95/98/Me/NT4. Although computers running these operating systems cannot be infected, they can still be used to infect vulnerable computers that they can connect to.

Removal

Symantec has released a removal tool for all known variants of the W32.Zotob worm. You can find the tool and instructions on its use at:

• W32.Zotob Removal Tool

You can find more information and removal instructions for each variant from Symantec from the following links:

• W32.Zotob.L August 25, 2005
• W32.Zotob.K August 24, 2005
• W32.Zotob.J@mm August 23, 2005
• W32.Zotob.I August 20, 2005
• W32.Zotob.H August 17, 2005
• W32.Zotob.G August 17, 2005
• W32.Zotob.F August 16, 2005
• W32.Zotob.E August 16, 2005
• W32.Zotob.D August 16, 2005
• W32.Zotob.C@mm August 15, 2005
• W32.Zotob.B August 14, 2005
• W32.Zotob.A August 14, 2005