Mocbot exploits Microsoft's MS06-040 flaw

Various antivirus vendors are reporting that a newly updated version of Mocbot, which first appeared in late 2005, takes advantage of the Windows Server Service flaw first announced by Microsoft last Tuesday in its . While antivirus and security vendors both downplayed the threat from Mocbot--also known as IRCbot (F-Secure and Trend Micro) and Wargbot (Symantec)--the presence of this new bot underscores the need for everyone to patch their Windows systems ASAP. In particular, those who are using Windows 2000 and Windows XP SP1 are most vulnerable to this new attack. Windows XP SP2 users appear to be safe. Mocbot first appeared in late 2005. As of Sunday afternoon, a few antivirus software companies have updated their signature files to include this bot. For more information, see F-Secure, McAfee , Symantec, and Trend Micro.