Virus definitions that detect/protect against Phatbot/Polybot are now
installed on the central servers and are pushing out to desktops.
Suggestions from Symantec to additionally protect against Phatbot/Polybot:
1. Create a secure password. This threat takes advantage of weak network
passwords. (A full-time Internet connection, such as DSL or Cable, is
considered a network connection for these purposes.) To receive advice
about creating secure passwords visit:
2. Patch the DCOM RPC vulnerability as described in Microsoft Security
3. Patch the WebDav vulnerability as described in Microsoft Security
No stand-alone tools to remove Phatbot/Polybot are available from the
regular organizations as of yet.
On Fri, 19 Mar 2004, Stefanie Ploof wrote:
> Phatbot was reported to us last week by a reporter from the Washington
> Post (sigh), but no reputable antivirus organizations that we could locate
> were providing protection from Phatbot and I didn't see any firsthand
> infections to submit to Symantec, so we instead blocked the ports on
> which it travels. As of today Symantec has finally detected Phatbot as
> W32.HLLW.Polybot. Virus definitions for March 19 (intelligent update) or
> March 24 (live update) will detect Phatbot, but they are not out yet.
> Symantec's write-up:
> A much more eloquently written account from LURHQ:
> I'll update the lists when there are tools/defs for removal.