'Virus battle' causes more than 250,000 errors

Mikko Hypponen, head of research at Finland-based security firm F-Secure, said yesterday: "We are witnessing a virus battle. There seem to be three groups writing separate malicious programs together. new versions with alarming speeds, as if they are racing to see who will dominate the largest infected computer network ".

The three worms Zotob, Bozori and IRCbot (some called RBOT.CBQ) are still exploiting vulnerabilities in unpatched Windows 2000 operating systems and no protection firewall."The latest version of Bozori even wipes out 'competitors', such as Zotob, in PC," Hypponen said.

These are virus variants that have caused computer malfunctions at several major news agencies and companies in the US on August 16.Microsoft, McAfee and Symantec have previously claimed that the damage is negligible and cannot be spread as widely as the dangerous software SQL Slammer or MyDoom.However, they themselves were worried when they discovered IRCbot yesterday.According to McAfee, the worm appeared and worked only seven days after Microsoft released a security bulletin, which was faster than Sasser (14 days).

When IRCbot is enabled, it will connect to the remote IRC server and wait there for the new instruction.If MS05-39 is encountered, the program is capable of causing the PC to constantly boot multiple times.It can also replicate itself to the Windows system directory, such as C: WindowsSystem32 on Windows XP, with the WINTBP.EXE file to exploit the error.

"IRCbot is the first of three viruses that have successfully performed mass attacks. So far, we have recorded 150 infections, most in the US, some in Europe. Asia and Europe, causing more than 250,000 problems, mainly Windows 2000, "McAfee said.

According to F-Secure's Hypponen, for many Windows operating system users, Microsoft's security bulletin "does not appear to exist".