A new worm, called Zotob, is doing the rounds of the Internet at the moment, exploiting a security hole in Microsoft Windows' uPnP networking functionality.
The security hole was patched in this month's security updates; however, any machines that are out of date will of course remain vulnerable to attack. The Zotob worm, which currently has two variants, has the ability to spread rapidly. Once it has infected a machine, it creates FTP and IRC connections, attempting to replicate itself and also to aid remote exploitation of the infected machine. Zotob also modifies the system hosts file so that certain domain names resolve to incorrect IPs, inhibiting the user's ability to download virus scanning software.
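The hosts-file tampering described above can be checked for on a machine. The following is an added example, not code from the article: it scans hosts-file text for entries that override security-vendor domains. The watched domains and the sample file are constructed placeholders, since the article does not list the names the worm targets.

```python
import ipaddress

# Constructed watch list: placeholder domains standing in for the security
# vendors' download/update sites a defender cares about (not from the article).
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   # blackholed
127.0.0.1  download.av-vendor.example liveupdate.updates.example
10.0.0.5        intranet.corp.example
0.0.0.0         updates.example
203.0.113.9     www.updates.example
not-an-ip       www.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in the text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with a valid IP address
        for name in fields[1:]:                 # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, ip, hostname, kind) for each watched-domain override."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback or 0.0.0.0 blocks access; any other address redirects it.
        blackholed = ip.is_loopback or ip.is_unspecified
        kind = "blackholed" if blackholed else "redirected"
        findings.append((line_no, str(ip), name, kind))
    return findings

if __name__ == "__main__":
    for line_no, ip, name, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for a vendor domain warrants investigation, because legitimate configurations rarely pin those names.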
Zotob isn't having as big an impact as some of the more infamous worms of the last year or so, but it does remind us all of how important it is to stay up to date. Unfortunately, not everybody is doing so. David Nardoni, president of First Response Consulting Services, explained to Tom's Hardware an issue known as 'patching paralysis'.
Moral of the story? Don't rely solely on external protection to keep your networks safe; ensure that all machines have all security updates installed.