Information on Win32/Zotob.A

Stepto posted information today around the Win32/Zotob.A worm. Here's a link to his post:

Guidance pages and information on Worm:Win32/Zotob.A

Ok, earlier this morning we activated our Software Security Incident Reponse Process to respond to a malicious attack known as Worm:Win32/Zotob.A. Our investigation has determined that only a small number of customers have been affected and we're working directly with them. We have seen no indication of widespread impact to the Internet, but we have posted a guidance page as well as an encyclopedia entry on this attack. We will remain watchful for any variants or any further customer impact.

Here's a direct link to Microsoft's incident page for the worm:

What You Should Know About Zotob

Zotob.A is a worm targeting Windows 2000-based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm installs malicious software, and then looks for other computers to infect.

As always, the bottom line with this type of thing is to make sure that you're fully patched, you're using a firewall, and that your antivirus signatures are up-to-date. Also be sure to subscribe to the MSRC blog for the latest information; it's a great resource.