The Zotob and IRCBot worms are perpetrating a large scale combined attack

According to data from PandaLabs, new variants of the Zotob and IRCBot worms continue to appear, confirming the intention of the creators to spread numerous malicious codes across the Internet, increasing the probability of computers being affected by one of them. Given this situation, the company has declared an Orange virus alert status.

“The creators of these malicious codes want to exploit, as quickly as possible, the recently discovered Plug and Play vulnerability in Windows. To achieve this they will try to catch users unaware by spreading as many variants as possible. In this way, even if users have just updated their antivirus software, it is quite possible that new variants, not included in the update, could enter their systems”, explains Luis Corrons, director of PandaLabs. “The solution against this type of attack involves having proactive technologies which can detect malware by themselves with no need for previous updates. Our TruPreventTM technologies have blocked all these new worms, so systems with these installed have been protected from the outset.”

The main characteristic of these worms is that they are designed to exploit the Plug and Play vulnerability, chiefly affecting Windows 2000. This means they are able to install themselves directly on a computer from the Internet, without the need to use propagation channels such as email and without needing users to run the infected file. Once this is done, they create a backdoor in the system that allows an attacker to take remote control of the computer. Because Windows 2000 is a platform widely used across corporate environments, businesses are more susceptible to infection from any of these new examples of malware. According to Netcraft, 18 of the Fortune 100 companies and 36 of the FTSE companies have this Microsoft operating system installed.

In fact, media companies such as CNN, ABC and The New York Times, as well as the US Congress and the company Caterpillar have already felt the effects of these malicious codes. Nevertheless, bearing in mind that new variants of Zotob and IRCBot could continue to appear, this list could increase if the necessary measures are not taken.

However, home users must keep their guard up as well, as the vulnerability also affects Windows XP. Although on this platform certain conditions must be met in order for the vulnerability to be exploited.

For users to protect themselves against these new malware specimens, Panda Software advises users to download and install the update provided by Microsoft to fix vulnerability. To prevent these new variants of Zotob or IRCBot from affecting your computer, Panda Software recommends keeping antivirus software up-to-date. Panda Software clients can already access the updates to detect and disinfect these new malicious codes.