"Mail volumes have once again reached a high this week, with spam making up 81% of the traffic," Rowley said in a statement. "Much of this increase can be attributed to the spam originating from the new zombies unleashed by the Mocbot worm."
Mocbot first started targeting machines vulnerable to the Windows Server Service flaw about four days after Microsoft released the MS06-040 patch. Security experts have warned that the flaw is easily exploitable and could be targeted by a superworm on the scale of Blaster.
A superworm has yet to appear, but Cupertino, Calif.-based antivirus giant Symantec Corp. warned Tuesday that the Randex worm has been modified to target the flaw.
According to Symantec's analysis, W32.Randex.GEL is a network-aware worm that opens a back door on compromised machines and programs them to listen for additional commands over an Internet Rely Chat (IRC) channel. This could allow attackers to:
As nasty as the worm may sound, Symantec considers it a low-level threat at this time. In fact, the company lowered its ThreatCon to Level 1 Tuesday. It had been set at Level 2 for more than a month due to the MS06-040 flaw and exploits against Microsoft PowerPoint and Excel.