Windows 2000 users face multiple attacks

Worms exploiting a flaw in Windows 2000 are running rampant, with widespread infections reported from three different malware families

Users rushing to protect themselves from the Zotob worm are being warned not to take their eyes off other threats as McAfee raises its alert level on the newly discovered IRCbot to the highest alert.

The IRC worm spreads by exploiting a Microsoft vulnerability. Although a patch has been available since Microsoft announced the vulnerability on 9 August, the spread of the worm suggests users have been slow to apply it.

The vulnerability has also been leapt on by the virus writers who have launched the recent SDBot, Rbot and the Zotob virus families which has been causing pain for users around the world in the past 24 hours. The IRCbot was the first of the exploits to propagate en masse.

IRCbot.worm!MS05-039 contacts a remote IRC server and waits for further instructions, according to McAfee. It also copies itself to the Windows System directory, appearing as WINTBP.EXE. Registry keys are created to load the worm at start-up. If infected, the system will continually reboot until it is patched.