Various antivirus vendors are reporting that a newly updated version of Mocbot, which first appeared in late 2005, takes advantage of the Windows Server Service flaw first announced by Microsoft last Tuesday in its security bulletin MS06-040. While antivirus and security vendors both downplayed the threat from Mocbot--also known as IRCbot (F-Secure and Trend Micro) and Wargbot (Symantec)--the presence of this new bot underscores the need for everyone to patch their Windows systems ASAP. In particular, those who are using Windows 2000 and Windows XP SP1 are most vulnerable to this new attack. Windows XP SP2 users appear to be safe. Mocbot first appeared in late 2005. As of Sunday afternoon, a few antivirus software companies have updated their signature files to include this bot. For more information, see F-Secure, McAfee , Symantec, and Trend Micro.
Discuss: Mocbot exploits Microsoft's MS06-040 flaw
Be respectful, keep it civil and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.