IMlogic is warning customers that Zotob and IRCbot worms are using instant messaging technology to wreak havoc on infected machines taking advantage of a Windows 2000, XP and Server 2003 vulnerability.
The vulnerability is caused by a flaw in the Windows operating system which allows hackers to exploit the “plug and play” capability of the Windows system. The vulnerability can be exploited by an infected machine creating a denial of service (DOS) attack on other vulnerable machines.
By leveraging a chat channel, the initiating hacker gains access to a host machine, leveraging it to attack other networked machines.
Once successfully executed, the vulnerability allows a hacker to impact a number of systems, including stealing system information or the most damaging impact of forcing an infected computer into a continual reboot.
To learn more about the Zotob and IRCbot worms visit the IMlogic IM and P2P Threat Center.
Initially rated a low risk by most security industry threat centers, the rapid propagation of the Zotob and IRCbot worms motivated most providers to increase the risk level.
The worm appears to lay quiet on an infected machine until prompted into action by the hacker. The messaging channel opened up by the worm appears to await direction prior to disrupting system activity or propagating itself on the network.