[Full-disclosure] Zotob Worm Remover
xploitable at gmail.com
Mon Aug 22 17:29:34 BST 2005
On 8/22/05, Todd Towles <toddtowles at brookshires.com> wrote:
> Diabl0 will be happy to know that it just deletes the worm
The worm is just proof that corporate security can be bypassed. It
shows how hackers can target individuals within the enterprise and
compromise their wireless device over the weekend while the corporate
user is doing out-of-office work.
The wireless devices were most likely the primary source of the
spread. Media outlets are reporting wireless devices were only an
accessory to the spread of the worm. Isn't it the case that this worm
was carefully planned out and coordinated? Isn't it the case that the
corporations hit were hand-picked by the hacker? Isn't it the case
that the hackers knew the owners of the wireless devices by name?
Isn't it the case that more research and background work was done
before releasing this to the affected enterprises than experts are
reporting to the public at large?
Corporations need to give all employees more advanced training in
patching their personal wireless devices, which are being used over
the weekend, and require them to be patched before they connect to
corporate infrastructure on Monday morning, or during the weekend for
those corporate users accessing the workplace remotely from home.
I think if the affected corporations don't learn from Zotob then the
same will happen again. It's vital enterprises now review policy in
respect of this, as it's becoming more commonplace that hackers are
hitching a ride on wireless devices, and hackers no longer need to
worry about compromising corporate security, as unsuspecting employees
are only too easy to target and infect, for the end game of allowing
an infected device beyond the production servers and straight into the
internal network of many of the big dot-coms.
It's not completely clear who diabl0 is currently. There's more than one
diabl0 out on the web. A query on Google brings up individuals posting
on discussion forums, as well as a defacement group named diabl0, who
funnily have been more than willing to submit their defacements to
These guys have been around for a while and know what they're doing, is
the general impression I get.
I don't know if diabl0 was clever enough to research and coordinate
and target laptops to propagate the worm, but it would be only too
easy to do in the future if someone is willing to put enough
preparation time into planning the assault on known employees of an
I've been watching too many movies and using illegal substances. Time
for me to go now.
Full-Disclosure is hosted and sponsored by Secunia.