MS05-039 got hit first. SANS seems to have been right but up to now, the worm does not seem to be too heavy (this might change over time but not at the moment).

F-Secure released a Level 2 Alert today and called the worm Zotob.A (http://www.f-secure.com/weblog/). It is attacking unpached machines on port 445. Therefore, if consumers have a firewall up and running (e.g. SP2 installed) they will be protected. Otherwise....

SANS (http://isc.sans.org) has an interesting statistics:

  • SQL Slammer was using bug fixed in MS02-039
  • MS Blaster was using bug fixed in MS03-039
  • Zotob is using bug fixed in MS05-039

Let's hope that there will not be more

Roger