By Will Sturgeon, 17 August 2005 11:55
NEWS Users rushing to protect themselves from the Zotob worm are being warned not to take their eyes off other threats as McAfee raises its alert level on the newly discovered IRCbot to the highest alert.
The internet relay chat (IRC) worm spreads by exploiting a Microsoft vulnerability. Although a patch has been available since Microsoft announced the vulnerability on 9 August, the spread of the worm suggests users have been slow to apply it.
The MS05-039 vulnerability has also been leapt on by the virus writers who have launched the recent SDBot family of viruses, Rbot and the Zotob virus which has been causing pain for users around the world in the past 24 hours.
According to McAfee, the seven day turnaround of the vulnerability being announced and the appearance of the first exploit has been the quickest ever. The IRCbot was the first of the exploits to propagate en masse.
IRCbot.worm!MS05-039 contacts a remote IRC server and waits for further instructions, according to McAfee. It also copies itself to the Windows System directory, appearing as WINTBP.EXE. Registry keys are created to load the worm at start-up. If the system has not been patched it will continually reboot.
Comments
There is 1 comment. Join the discussion
1. Ian Kilpatrik
There appears to be a lot of hype around this threat apparently not matched by reality. While a number of people are crying wolf it is interesting that a number of other AV vendors are taking a considerably less alarmist view. for example; Kasperky indicate that the speculation isn't matched by activity !!
http://www.kaspersky.co.uk/news?id=168840109