|by Jodi Ito
On Tuesday, August 9, 2005, Microsoft released Security Bulletin MS05-039 to secure a vulnerability in its “plug-and-play” (PnP) feature of its Windows operating system. Just five days later, the Zotob worm began spreading throughout the Internet using the PnP vulnerability. As a comparison, in 2004, the Sasser worm was released 18 days after the announcement of Microsoft's Local Security Authority Subsystem Service (LSASS) vulnerability. The time between public knowledge of a vulnerability and release of an exploit that takes advantage of the vulnerability is rapidly shrinking. It is more important than ever to ensure that security updates are installed immediately after they are released.
Over 250 computers in the University of Hawaii network were infected with the Zotob worm (W32/SDbot, W32/IRCbot or other variant of the worm). On many of the infected systems, the security patches had been downloaded but not yet installed.
Two things must be done to help prevent virus and worm infections:
- Operating systems must have the latest security updates downloaded AND installed.
- The current version of antivirus software must be installed and have the latest virus definition files installed. Every user must take responsibility for this.