[unisog] zotob and returning students, what are you going to do?

Florian Weimer fw at deneb.enyo.de
Sun Aug 21 12:03:24 GMT 2005


* Dave Dittrich:

>> Well, with this new worm out, and students returning in the next couple of
>> weeks, we're starting to wonder what impact this is going to have on our
>> network when thousands of student home computers show up on campus and
>> connect to our network. Most of these are uneducated users who are running a
>> mélange of outdated and unpatched versions of Windows.
>
> Are that many running Windows 2000 SP3 or thereabouts?  I don't
> get the impression from reports I'm seeing that the vulnerable
> population is anywhere near Blaster/Witty/etc.

Keep in mind that Zotob has other attack components which can be
activated by the botnet owner.  For example, bots might switch to
attacking victims using open network shares or weak administrator
passwords.

Of course, most of us already have some form of counter-bot strategy,
and in essence, Zotob is just a new name for a surprisingly old code
base.  We should probably be more concerned by new developments in the
code which connects to the controllers, and adapt our countermeasures
accordingly.
