A new worm called Zotob is spreading around the Net, exploiting a well known loophole in Windows' plug-and-play interface. Users of Windows 2000 who have not yet patched are especially vulnerable. Zotob spreads via packets sent to TCP Port 445, and then makes contact via FTP to the computer it came from, initiating the download of further malicious code. It also opens an IRC channel, and can be controlled remotely from there. As noted, there is patch protection against infection, so really it is mainly unpatched Windows 2000 users that are mainly at risk.