Wednesday 17th August 2005
Microsoft issued its last monthly security update on 9 August. Among the three critical bulletins was the MS05-039 update, concerning a vulnerability that could allow remote code execution and the local elevation of user privileges. It exists in Windows 2000's Plug and Play functionality, potentially enabling an attacker to install programs and view, change, or delete data.
This vulnerability has already been exploited in the fast-changing virus world.
The Financial Times has published a notice on its website announcing it was infected by the worm. Entitled 'Your FT', it reads 'A computer virus disrupted production of FT.com and the newspaper last night. Click here to request information
The exact identity of the worms in question, however, is still in doubt. According to Sophos, a number of viruses use the exploit, including Tpbot-A, Dogbot-A, Zotob, Rbot and Tilebot-F.
'The experts at Sophos are analysing more and more pieces of malware which are exploiting this serious security vulnerability in Microsoft's code,' said Graham Cluley, senior technology consultant at Sophos. 'These types of attacks are becoming a standard part of the virus writers' armoury. If you are responsible for network security inside an organization it's time to wake up and smell the coffee: you need to patch your systems now against these security holes or not be surprised when hackers and worms blast their way through.'
According to Microsoft, this is not a new Internet worm but a different variation of the existing Zotob attack. It runs continuously in the background and provides a backdoor server that allows a remote intruder, via IRC channels, to gain control over the computer.
Microsoft maintains that Zotob - which targets Windows 2000 - has so far had a low rate of infection. Users of Windows XP, or those who have applied the MS05-039 update to Windows 2000, are not affected.