New versions of Ircbot and Zotob have appeared, only a day or so after reports of Zotob worms first appeared. Despite the panic that can often ensue, some antivirus companies are warning people not to be overly concerned as long as their patching is up-to-date. Zotob has not spread really as fast as was feared it might, and Graham Cluley, senior technology consultant at Sophos, has said that he does not believe that Zotob will become another Sasser. Nevertheless, one should be aware of these issues and keep your systems well up to date with patches, and update virus software often.
"We were contacted some hours ago by an organization that had several hundred Windows computers in their internal network infected by a new variant of Ircbot," said Mikko Hypponen, director of antivirus research at F-Secure, writing on the company weblog. "While analyzing the malware, we noticed that this Ircbot variant had something new up its sleeve. This bot was using the brand new MS05-039 Plug-and-Play vulnerability - just like the Zotob worm."