There are a few characteristics that make this family of worms a serious threat. First, like Blaster and Sasser worms, Zotob requires no user interaction and spreads to all vulnerable machines automatically. Second, the worm's footprint is quite small (10KB) and it can simultaneously connect to hundreds of target computers so it spreads very rapidly. Third, the worm exploits a vulnerability that affects Windows 2000, Windows XP, and Windows Server 2003, all potential victims as these ystems make up a large percentage of Internet-connected computers. Lastly, it can spread to a wide array of networks by randomly guessing IP addresses.
Fortinet protects against and labels these worm variants as follows:
FortiGuard Network Information: All of Fortinet's FortiGate and FortiMail systems and FortiClient Host Security software in production worldwide are kept up to date automatically by Fortinet's FortiGuard Network, which provides continuous updates that ensure protection against the latest threats around the clock and around the world. Fortinet's FortiGate and FortiMail systems can block the W32/Zotob worm variants' attack at the gateway before it enters customers' networks, or on the host with the FortiClient Host Security software.
For more information on the FortiGuard Network, please visit:
For more information on Fortinet's FortiGate and FortiMail systems and FortiClient Host Security software, please visit: