A new Bot on the block
Avert has raised its risk assessment to high on the recently discovered
W32/IRCbot.worm!MS05-039 worm, also known as IRCbot.worm!MS05-039.
The worm, an Internet Relay Chat (IRC) Bot, includes the
ability to spread by exploiting systems that are not yet patched for the MS05-039
vulnerability. The vulnerability, which was announced by Microsoft on August
9, 2005, has also been targeted by virus writers that produced multiple variants
of the ever expanding SDBot family, as well as a new family now known as Zotob.
The worm is designed to contact a remote IRC server and wait for further instructions.
More information on the IRCbot.worm!MS05-039 and its cure
can be found online at the McAfee AVERT site located at http://vil.nai.com/vil/content/v_135491.htm.