Microsoft Statement Regarding Zotob

Editor’s Note, August 17, 2005 —
The statement has been updated to include new information on Zotob and how Windows 2000 customers can protect themselves from the worm.

REDMOND, Wash., August 16, 2005 — Microsoft has made a no-cost, software-based cleaner tool available that customers can use to automatically remove the Zotob worm and its variants from infected PCs after deploying the security update. The tool is available at: http://www.microsoft.com/malwareremove.

We are not aware at this time of a new attack; our analysis has revealed that the reported worms are variants of the existing worm called Zotob. Zotob has thus far had a low rate of infection compared to other network worms. Microsoft attributes this lower impact to customers who have taken on more of a “maintenance mindset” — practicing good security behaviors and using newer and more secure versions of software.

Zotob only targets Windows 2000. Customers who have upgraded to Windows XP—as well as customers who have applied the MS05-039 security update to Windows 2000—are not impacted by this attack. The MS05-039 security bulletin is available at http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx or users can use Windows Update or Microsoft Update to access the latest security update.

Microsoft is working closely with law enforcement to help identify and bring to justice those responsible for this malicious activity. At the same time, Microsoft is working closely with the anti-virus community and other industry partners to help protect our customers. Customers using a firewall are generally protected against the Zotob threat.

The more than 200 million customers who have followed the steps on http://www.microsoft.com/protect to enable Automatic Updates should already be protected against these emerging threats, as they should have received MS05-039 automatically. Microsoft continues to recommend that all customers visit http://www.microsoft.com/protect to take three key steps to protect their PCs. These include:

  • Use an Internet firewall on all PCs and Laptops: An Internet firewall can help prevent outsiders from getting to your computer through the Internet. If you use Microsoft Windows XP, enable the built-in firewall.

  • Update Your Computer: Windows includes the automatic updates feature (Windows Update) which can automatically download the latest Microsoft security updates, as well as the monthly malicious software removal tool as part of regular online safety maintenance for stronger protection. Windows 98 SE and Windows ME can be updated from http://windowsupdate.microsoft.com.

  • Use Up-to-Date Antivirus Software: Installing, configuring and maintaining antivirus protection is absolutely essential.

Customers in the U.S. and Canada who believe they may have been affected by this attack can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses. International customers can receive support by using any of the methods that are listed at Security Help and Support for Home Users Web site.