W32.Zotob family of worms

August 14, 2005

W32.Zotob family of worms spread by exploiting the Microsoft Windows Plug and Play Service Vulnerability, as described in Microsoft Security Bulletin MS05-039. This worm targets Windows 2000/XP/2003 computers.

W32.Zotob.C@mm contains a mass-mailing component to spread itself via e-mail.

W32.Zotob can run on, but not infect, computers running Windows 95/98/Me/NT4. Although computers running these operating systems cannot be infected, they can still be used to infect vulnerable computers that they can connect to.


Symantec has released a removal tool for all known variants of the W32.Zotob worm. You can find the tool and instructions on its use at:

You can find more information and removal instructions for each variant from Symantec from the following links: