O.K. so I’m late with this one, but just in case anyone missed this… here it is.
02:05 PM CDT on Friday, August 19, 2005
Detroit (AP) — A computer worm “Zotob virus” temporarily halted production at 13 of DaimlerChrysler’s U.S. plants this week, including the automaker’s plant near St. Louis.
But the company says the damage was minimal and it expects to make up the lost production.
The worm was released by hackers and affected Windows 2000 operating systems. It slowed Internet connections and blocked e-mails across the country.
The worm forced Chrysler to stop work Tuesday at the plant in Fenton, and facilities in Michigan and eleven other states. The work stoppage ranged from five to 50 minutes.
The company said Chrysler’s technology staff spotted the worm and quickly patched computers.
This worm exploits the MS05-039 vulnerability. There are at least 2 other W32/Sdbot based worms know to exist that also exploit this vulnerability. They may be seen with the filenames pnpsrv.exe or winpnp.exe.
This self-executing worm spreads by exploiting Windows2000 MS05-039 vulnerable systems in order to instruct those systems to download and execute the worm.
On Demand Scans may detect this threat as New Malware.n with the 4551 DAT files or newer.
This was briefly detected as W32/Zotob.worm.d in our beta DATs, but further analysis has shown it to not be part of this family
VirusScan Enterprise 8.0i and Managed VirusScan’s generic buffer overflow protection protects against code execution that may result from exploitation of MS05-039.