Revision Note: Advisory has been updated to document additional information about variations of Worm:Win32/Zotob.A. We are also announcing the availability of a revised version of the Microsoft Windows Malicious Software Removal Tool that helps to address these attacks. Advisory Summary:Zotob is a worm that targets Windows 2000–based computers and takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm and its variants install malicious software, and then search for other computers to infect. If you have installed the update released with Security Bulletin MS05-039, you are already protected from Zotob and its variants. If you are using any supported version of Windows other than Windows 2000, you are not at risk from Zotob and its variants. As part of our Software Security Incident Response Process, our investigation has determined that only a small number of customers have been affected, and Microsoft security professionals are working directly with them. We have seen no indication of widespread impact to the Internet. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside of the United States should contact the national law enforcement agency in their country. You can use the Microsoft Windows Malicious Software Removal Tool to search for and remove the Zotob worm and its variants from your hard drive. For more information about these worms, to help determine if you have been infected by these worms, and for instructions on how to repair your system if you have been infected by these worms, see the Zotob Security Incident Web site or the Microsoft Virus Encyclopedia. For Microsoft Virus Encyclopedia references see the “Overview” section. Other versions of Windows, including Windows XP Service Pack 2 and Windows Server 2003 are not impacted by Worm:Win32/Zotob.A, its variations, and similar worms attempting to exploit the Windows Plug and Play vulnerability, unless they have already been compromised by other malicious software. Customers can protect against attacks attempting to utilize this vulnerability by installing the security updates provided by the Microsoft Security Bulle

More...