Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets.
Anti-virus researchers have detected signs of a variant of the talkative Nirbot Trojan squirming through the worm hole created by the vulnerability.
McAfee's analysis describes the latest Nirbot mutant as an IRC (internet relay chat) controlled backdoor, which provides an attacker with unauthorized remote access to the compromised computer.
An attacker can gain control over the compromised computer and use it to send spam, install adware, distribute illegal content or launch a DDos attack on internet systems.
These commands could include instructions to initiate network scanning in search of other vulnerable computers.
According to data from Arbor's ATLAS threat monitoring portal, the bulk of the attacks are coming from the U.S., China, India and Korea.