TechWeb

Symantec: Zotob May Be Modified To Attack Windows XP

Aug 25, 2005 (12:08 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=170100448


The current crop of Zotob bot worms could be modified without much trouble to attack PCs running Windows XP and XP SP1, said a Symantec executive Thursday.

"It's possible that Zotob could be modified," said David Cole, the director of Symantec's Security Response. "It wouldn't be difficult.

"But it would not have nearly the same impact as the original outbreak," he added.

The new-found concern over Zotob is that it's now known some Windows XP and Windows XP SP2 computers can be attacked in much the same way as last week's blitz on Windows 2000 systems.

"Although users shouldn't ignore this risk, there are fewer hosts that fit this profile than fit the original attack," said Cole. He also predicted that even if a modified Zotob is released, it would not have the same impact because of the patching that's been done in the meantime.

"One of the biggest reasons for Zotob's initial success was the short time between it and the disclosure of the vulnerability."

Assuming a hacker adds Windows XP capabilities to a Zotob-esque bot, the most likely victims will be home users and those in small- and mid-sized businesses.

"Those are the ones largely reliant on Windows XP," concluded Cole.

Symantec continued to recommend that users apply the patch to all systems, including all Windows XP and XP SP1 machines.