War of the worms

by Steve Kerrison on 18 August 2005, 00:00

Quick Link: HEXUS.net/qabom

Add to My Vault: x

Please log in to view Printer Friendly Layout

A series of worms written to exploit a PnP networking vulnerability in Microsoft Windows are competing against each other for supremacy.

The vulnerability that the worms are scrapping over is identified by Microsoft as MS05-039 and can result in "Remote Code Execution and Local Elevation of Privilege". One of the worms taking advantage of un-patched systems is Zotob, which we reported on recently.

What's interesting is F-Secure's analysis of all of the worms going to work on the vulnerability and what they're doing to any other worms that have already taken root.

The F-Secure weblog details their findings, accompanied by a superb diagram.

For the last four days we got 11 different samples of malware using this vulnerability. Currently there are three Zotob variants (.A, .B and .C), one Rbot (.YK), one Sdbot (.ADB), one CodBot, three IRCbots (.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Variants from both IRCBot and Bozori families are deleting competing PnP bots.

So, if your system has been exploited by a bot trying to zombify your machine, rest assured that another bot will be along to oust the existing bot and hand your CPU power over to a different set of unscrupulous characters.

HEXUS Forums :: 0 Comments

Login with Forum Account

Don't have an account? Register today!
Log in to be the first to comment!