Computer worm stops auto production at Fenton plant

O.K. so I’m late with this one, but just in case anyone missed this… here it is.

02:05 PM CDT on Friday, August 19, 2005

Detroit (AP) — A computer worm “Zotob virus” temporarily halted production at 13 of DaimlerChrysler’s U.S. plants this week, including the automaker’s plant near St. Louis.

But the company says the damage was minimal and it expects to make up the lost production.

The worm was released by hackers and affected Windows 2000 operating systems. It slowed Internet connections and blocked e-mails across the country.

The worm forced Chrysler to stop work Tuesday at the plant in Fenton, and facilities in Michigan and eleven other states. The work stoppage ranged from five to 50 minutes.

The company said Chrysler’s technology staff spotted the worm and quickly patched computers.

ZotobVirus Characteristics:

This worm exploits the MS05-039 vulnerability. There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability. They may be seen with the filenames pnpsrv.exe or winpnp.exe.
See http://vil.nai.com/vil/content/v_135434.htm
This self-executing worm spreads by exploiting Windows2000 MS05-039 vulnerable systems in order to instruct those systems to download and execute the worm.

On Demand Scans may detect this threat as New Malware.n with the 4551 DAT files or newer.

This was briefly detected as W32/Zotob.worm.d in our beta DATs, but further analysis has shown it to not be part of this family

VirusScan Enterprise 8.0i and Managed VirusScan’s generic buffer overflow protection protects against code execution that may result from exploitation of MS05-039.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: