The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

This is not a viruswar, this is a botwar!

Posted by Xavier Ashe on August 17, 2005

Here is a status update on the malware using the Plug-and-Play vulnerability (MS05-039).

For the last four days we got 11 different samples of malware using
this vulnerability. Currently there are three Zotob variants (.A, .B
and .C), one Rbot (.ADB), one Sdbot (.YN), one CodBot, three IRCbots
(.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Variants from both IRCBot and Bozori families are deleting competing PnP bots.

It seems there are two groups that are fighting: IRCBot and Bozori vs Zotobs and the other Bots.

See our high-tech illustration for details.

From F-Secure's Blog.  Its been about 2-3 years since we've had a good virus war.  Would it be so difficult just to patch your systems?

UPDATE:  Brian Krebs has picked up this story on Security Fix

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: