Article ID : S1Q0038 / Last Modified : 05/04/2004

Notice about the Sasser Internet worm (virus)

Applicable Products and Categories of This Article

W32.Zotob.E and W32.Esbot.A are new worms that exploit a Microsoft vulnerability (MS05-039) announced last on August 9, 2005. These worms are the most significant of a series of threats targeting unpatched Windows systems, primarily Windows 2000. W32.Zotob.E and W32.Esbot.A are both network-based worms that exploit the Microsoft Windows Plug and Play Buffer Overflow Vulnerability in an attempt to compromise hosts and spread to new systems. For more details, check Symantec Security Response Web page at: securityresponse.symantec.com. Home/home office users should ensure that their systems are updated with the latest patches from Microsoft. Customers who use Norton Antivirus or Norton Internet Security automatically detect this threat as it attempts to spread due to our advanced worm blocking technology. A new virus definition is now available and can be obtained via LiveUpdate. This allows Symantec/Norton AntiVirus to detect and remove this threat. Customers who need to purchase or renew their Norton Internet Security can go to http://www.symantecstore.com/promo=84161