On 17 August 2005 the Microsoft Windows

Malicious Software Removal Tool has been updated with added detection

and cleaning capabilities for the following Malicious Software:

* Zotob.A

* Zotob.B

* Zotob.C

* Zotob.D

* Zotob.E

* Bobax.O

* Esbot.A

* Rbot.MA

* Rbot.MB

* Rbot.MC

The updated version of the Microsoft Windows Malicious Software Removal

Tool is available for download from the Download Center at this


NOTE: This updated version is currently NOT available on Windows Update,

Microsoft Update or through Windows Server Update Services.

More information on the Microsoft Windows Malicious Software Removal

Tool is available here: (aka Bobax.AF) – An email flavor of MS05-039

W32.Bobax.AF@mm is a mass-mailing worm that opens a back door, downloads remote files, and lowers security
settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play
Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) and by sending a copy of itself to email addresses gathered.

Zotob Free Removal Tool offered by Symantec


More about it at

Random function flaw leads to ‘Patient zero’

The computer used to kick-start a global worm outbreak in March 2004 has been traced using crucial kinks in its code.

The worm code involved using a random function to generate the next set of targets. Since Randon function provided by operating systems results in generating the same sequence of random numbers, by reverse tracing, the team of Nicholas Weaver and Vern Paxson from the University of California, Berkeley, and Abhishek Kumar from the Georgia Institute of Technology, painstakingly retraced its steps back to the first computer – or “patient zero” – of the outbreak.

More details ate avilable at

Tip: Dont use the Rand function. Use special classes like CryptGenRandom in Windows : Source: Writing Secure code by Michael Howard , MS Press