NEWS FROM THE LAB - Sunday, August 13, 2006

IRC bot exploits the 5-day-old MS06-040 vulnerability
Posted by Mikko @ 08:23 GMT

wgareg.exe
Hopefully everybody followed the advice we gave five days ago. We've just located the first bot exploiting one of the remote code execution vulnerabilities patched in last Tuesday's patch set by Microsoft.

The bot, known as Mocbot aka Backdoor.Win32.IRCBot.st, is apparently only able to spread to Windows 2000 and perhaps to Windows XP SP1 computers.

Our update 2006-08-13_01 detects this bot.

The bot connects to IRC servers at:

   bbjj.househot.com:18067
   ypgw.wallloan.com:18067

Network admins might want to monitor connection attempts to those hosts from within their network.
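
One way to run that check over DNS and firewall logs, as an added example that is not part of the original post: the log format, the sample lines and the function names are constructed for illustration. It matches the two hostnames exactly (ignoring case and a trailing dot) and, as an added generalization, also flags any outbound TCP connection to port 18067, since the addresses those names resolve to can change.

```python
import re
from collections import defaultdict

# Indicators taken from the post above.
C2_HOSTS = {"bbjj.househot.com", "ypgw.wallloan.com"}
C2_PORT = 18067

# Constructed sample lines in an assumed "<time> <type> <client> key=value..." format.
SAMPLE_LOG = """\
2006-08-13T08:01:12Z dns 10.0.4.17 query=www.example.org. type=A
2006-08-13T08:01:40Z dns 10.0.4.23 query=BBJJ.househot.com. type=A
2006-08-13T08:01:41Z conn 10.0.4.23 dst=192.0.2.55 dport=18067 proto=tcp action=allow
2006-08-13T08:02:03Z conn 10.0.4.17 dst=198.51.100.9 dport=80 proto=tcp action=allow
2006-08-13T08:02:30Z dns 10.0.7.5 query=ypgw.wallloan.com type=A
2006-08-13T08:02:31Z conn 10.0.7.5 dst=192.0.2.77 dport=18067 proto=tcp action=deny
2006-08-13T08:03:00Z dns 10.0.9.9 query=notbbjj.househot.com.lookalike.example type=A
"""

LINE_RE = re.compile(r"^(\S+)\s+(dns|conn)\s+(\S+)\s+(.*)$")


def normalize_host(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.strip().rstrip(".").lower()


def find_suspect_clients(log_text):
    """Return {client_ip: sorted reasons} for lines matching the indicators."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines
        _ts, kind, client, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if kind == "dns":
            host = normalize_host(fields.get("query", ""))
            if host in C2_HOSTS:  # exact match only, lookalike names are ignored
                hits[client].add("dns:" + host)
        elif fields.get("proto") == "tcp" and fields.get("dport") == str(C2_PORT):
            # Denied attempts are kept: they still identify a likely infected host.
            hits[client].add("tcp/%d:%s" % (C2_PORT, fields.get("action", "?")))
    return {client: sorted(reasons) for client, reasons in hits.items()}


if __name__ == "__main__":
    for client, reasons in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(reasons))
```

Internal clients that appear in the result are candidates for isolation and a check of their MS06-040 patch status.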

More info on the MS06-040 vulnerability.