They must be dangerous because they were on the news and all of the A/V makers have sent out bulletins.
W32.Zotob.E
W32.Zotob.E is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445. W32.Zotob.E can run on, but not infect, computers running Windows 95/98/Me/NT4/XP. Although computers running these operating systems cannot be infected, they can still be used to infect vulnerable computers that they can connect to.
W32.Esbot.A
W32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
Note: Virus definitions were posted on August 15th for this threat.
http://www.nod32.com/home/home.htm
http://securityresponse.symantec.com/avcenter/tools.list.html
http://www.avast.com/eng/win_zotob.html
http://www.grisoft.com/doc/Updates/lng/ww/tpl/tpl01
Kaspersky Lab said:
The biggest virus epidemic since Sasser and Mydoom? Kaspersky Lab comments on the current situation
Kaspersky Lab, a leading developer of secure content management solutions that protect against viruses, Trojans, spyware, spam and hacker attacks, has the following statement regarding the malicious programs Zotob / Bozori.
A large number of international publications have issued information about a virus that has infected the networks of many major corporations and caused the biggest epidemic of the year. According to reports broadcast on CNN, ABC News, the NY Times and the US Congress have been affected. Other publications have reprinted this information, including the Russian media. There is some confusion as to what is actually happening, and the name(s) of the virus.
We have established that the media are describing an incident caused by a worm, which has the following names:
* Zotob.e (Symantec)
* WORM_RBOT.CBQ (Trend Micro)
* IRCBot.Worm (McAfee)
* Tpbot-A (Sophos)
* Net-Worm.Win32.Bozori.a (Kaspersky Lab)
* Zotob.d (F-Secure)
Kaspersky Lab was among the first antivirus companies to detect this virus, and an urgent update was issued at 01:50 Moscow time (GMT+4), today (17 August 2005). It should also be noted that the Virus Laboratory did not receive notification either from Russian or overseas users about infections caused by this worm. There has not been any noticeable increase in network activity which could be ascribed to this worm. During the Sasser epidemic (some media are comparing the current situation to the Sasser epidemic) in May 2004, which some publications are using as a comparison for Bozori.a, Sasser caused an increase in network traffic of approximately 20% to 40%. At the moment, there are no signs of a similar increase.
This worm exploits the Plug n Play vulnerability in Microsoft Windows (MS05-039) for which a patch was issued on 9 August 2005. It can be downloaded from Microsoft's site at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
Since the patch was issued, approximately 10 malicious programs which exploit this vulnerability to spread have been detected. Three Mytob variants (.ce, .cf, .ch) which some antivirus companies called Zotob. The media has published information about these, some of which appears to be speculation which was not supported by any factual evidence of an epidemic. Several Trojan .bot programs have also been detected, from the Rbot and IRCBot families. None of these .bots have caused any significant epidemic.
Kaspersky Lab has no concrete information from users confirming infection by Bozori.a. This and the other facts given above would seem to confirm that at the moment, there is no epidemic.
A description of Net-Worm.Win32.Bozori.a is available in the Virus Encyclopaedia.