Computer Associates warns on new worms for Windows

At least three new worm variants targeting a vulnerability in Microsoft's plug and play service have been spotted in the wild by enterprise software house Computer Associates' (CA) antivirus labs in Melbourne, with the vendor warning there is more to come over the next week.

According to CA, the new worms are also showing up in Australia with "a number of samples from domains" picked up on the vendor's antiviral scanning system.

Carrying a variety of payloads, the new worms have been identified and named as Win32.Tpbot.A, Win32.Esbot.A and Win32.Drugtob.B and all exploit the MS05-039 vulnerability.

So far the symptoms of infection include continuous rebooting. The new worms exploit a buffer overflow vulnerability in the plug and play services, running on port 445.

According to CA, "Organizations should have this blocked at the firewall, but must be wary of mobile users that connect from outside the corporate network (such as from a hotel or conference centre) and may bring an infected PC back into the network," in addition to applying the patch available from

Computerworld has contacted Microsoft Australia for comment and is awaiting a response.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CA TechnologiesMicrosoft

Show Comments