Win32/Zotob

Detected by Microsoft Defender Antivirus

Aliases: W32/Zotob.worm (McAfee) W32/Zotob.worm.gen (McAfee) W32.Zotob (Symantec) W32/Bozor.A.worm (Panda) WORM_MYTOB.JS (Trend Micro) W32/Zotob-A (Sophos) Zotob.A (F-secure) Win32/Zotob.A!Worm (CA) Net-Worm.Win32.Mytob.cd (Kaspersky)

Summary

Windows Defender Antivirus detects and removes this threat.

Win32/Zotob is a network worm that primarily targets Microsoft Windows 2000 computers that do not have Microsoft Security Bulletin MS05-039 installed. MS05-039 patches the Windows Plug-and-Play buffer overflow vulnerability.

Win32/Zotob can also infect computers running other Windows operating systems if it is delivered through email, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Win32/Zotob

Summary

What to do now

Get more help

Technical information

Threat behavior

Prevention

Symptoms