Worm warning hits highest levels

McAfee adds IRCbot warning to Zotob landscape...

Users rushing to protect themselves from the Zotob worm are being warned not to take their eyes off other threats as McAfee raises its alert level on the newly discovered IRCbot to the highest alert.

The internet relay chat (IRC) worm spreads by exploiting a Microsoft vulnerability. Although a patch has been available since Microsoft announced the vulnerability on 9 August, the spread of the worm suggests users have been slow to apply it.

The MS05-039 vulnerability has also been leapt on by the virus writers who have launched the recent SDBot family of viruses, Rbot and the Zotob virus which has been causing pain for users around the world in the past 24 hours.

According to McAfee, the seven day turnaround of the vulnerability being announced and the appearance of the first exploit has been the quickest ever. The IRCbot was the first of the exploits to propagate en masse.

IRCbot.worm!MS05-039 contacts a remote IRC server and waits for further instructions, according to McAfee. It also copies itself to the Windows System directory, appearing as WINTBP.EXE. Registry keys are created to load the worm at start-up. If the system has not been patched it will continually reboot.