Original URL: https://www.theregister.com/2005/08/16/irc_bot/
IRC bot latches onto Plug-and-Play vuln
Second route to 'root'
Posted in Security, 16th August 2005 10:59 GMT
The Microsoft Plug-and-Play vulnerability exploited by the ZoTob worm has been harnessed to create an IRC bot. IRCBot-ES uses the vulnerability to spread instead of more common vectors such as Windows RPC security vulns.
The attack provides evidence that virus writers are swarming around the vulnerability - which was only disclosed last week - thinking up new ways to attack vulnerable systems. Early indications are that IRCBot-ES may be more potent that ZoTob because it's easily capable of spreading around internal networks once an infected machine is plugged into a Lan. Anti-virus firm F-secure reports that one organisation has suffered widespread infection from IRCBot-ES via this mechanism. Meanwhile a further variant of ZoTob has been discovered.
The clear interest from malware authors in the vulnerability underlines the need for Windows users to get patched up sooner rather than later. ®