This is not a viruswar, this is a botwar!

Here is a status update on the malware using the Plug-and-Play vulnerability (MS05-039).

For the last four days we got 11 different samples of malware using
this vulnerability. Currently there are three Zotob variants (.A, .B
and .C), one Rbot (.ADB), one Sdbot (.YN), one CodBot, three IRCbots
(.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Variants from both IRCBot and Bozori families are deleting competing PnP bots.

It seems there are two groups that are fighting: IRCBot and Bozori vs Zotobs and the other Bots.

See our high-tech illustration for details.

From F-Secure's Blog.  Its been about 2-3 years since we've had a good virus war.  Would it be so difficult just to patch your systems?

UPDATE:  Brian Krebs has picked up this story on Security Fix


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s