Various antivirus vendors are reporting that a newly updated version of Mocbot, which first appeared in late 2005, takes advantage of the Windows Server Service flaw first announced by Microsoft last Tuesday in its security bulletin MS06-040. While antivirus and security vendors both downplayed the threat from Mocbot--also known as IRCbot (F-Secure and Trend Micro) and Wargbot (Symantec)--the presence of this new bot underscores the need for everyone to patch their Windows systems ASAP. In particular, those who are using Windows 2000 and Windows XP SP1 are most vulnerable to this new attack. Windows XP SP2 users appear to be safe. Mocbot first appeared in late 2005. As of Sunday afternoon, a few antivirus software companies have updated their signature files to include this bot. For more information, see F-Secure, McAfee , Symantec, and Trend Micro.
Mocbot exploits Microsoft's MS06-040 flaw
Mocbot exploits Microsoft's MS06-040 flaw
Robert Vamosi
Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.