Another Plug-and-Play vulnerability misuse
by Nikola Strahija on August 16th, 2005 The Microsoft Plug-and-Play vulnerability exploited by the ZoTob worm has been used once more, now to create an IRC bot.
IRCBot-ES uses the vulnerability to spread instead of more common vectors such as Windows RPC security vulns.
Early indications are that IRCBot-ES may be more harmful than ZoTob because it's easily capable of spreading around internal networks once an infected machine is plugged into a Lan. Anti-virus firm F-secure reports that one organisation has suffered widespread infection from IRCBot-ES via this mechanism.
The clear interest from malware authors in the vulnerability underlines the need for Windows users to get their systems patched up.