August 19, 2005

Zotob & Security Best Practices

With the rapid spread of the Zotob virus and its variants this week, I thought I'd direct others to my comprehensive article on making your personal wireless network more secure: "Wireless Networking Best Practices: Version 2.0".

Why? Because, by many estimates, the vast majority of home and SOHO (Small Office/Home Office) wireless networks are notoriously insecure. The tips in the article provide critical defenses against the techniques and mechanisms used by Zotob and its variants.

By some reports, even if your version of the Windows OS cannot be infected by Zotob, the virus may still run on it as a host. This effectively turns your PC into the electronic equivalent of Typhoid Mary, so it can seek out and infect other unprotected PCs.

Please also note the article's section on disabling the UPnP (Universal Plug and Play) feature of your router. UPnP is the main exploit used by Zotob. A year ago, I stated: "UPnP is used for some devices like the Xbox game system. If you don't have a UPnP device, then make sure it's disabled. Otherwise, it's another potential security hole for your network." For instance, I noticed that some versions of the Linksys wireless router firmware left the UPnP feature enabled by default, where previous versions had it disabled. This, in my opinion, was a bad decision by Linksys. Leaving UPnP enabled in the router may have been required for gaining the Microsoft Xbox certification. However, it's still a really bad security decision, considering that many people using those routers don't have an Xbox and don't use the UPnP feature.

Anyway, I hope you find these security best practices helpful. All of the information is still current and valid.

Topic(s):   Privacy & Security
Posted by Jeff Beard