New Sdbot worm uses MS06-040 flaw to spread

Various antivirus vendors are reporting that a new worm is taking advantage of the Windows Service Server flaw first announced by Microsoft on August 8 in its . Sdbot (w32.Sdbot.worm!MS06-040) is considered a low threat by most antivirus vendors and is responsible for increased port scanning on port 139. The presence of this new bot, just weeks after the Mocbot worm exploited the same vulnerability, underscores the need for everyone to patch their Windows systems ASAP. In particular, those who are still using Windows 2000 and Windows XP SP1 appear to be most vulnerable to this new attack. Prevention requires blocking ports 139 and 445 at the router/firewall. A few antivirus software companies have updated their signature files to include this bot. For more information, see McAfee, Sophos, and Symantec.