The onslaught of worms based on the plug-and-play flaw appeared less than a week after Microsoft's patch release, leaving users very little time to protect their systems.
Many Windows 2000 users likely will not have patched yet since they need time to test the fixes before installing them, Ullrich said.
Although there are several worms that exploit the Windows plug-and-play flaw, the spread remains limited, Cole said. "We are not seeing any one of these really soaring or escalating to something like a Blaster or Slammer," he said. Symantec has elevated its ThreatCon elevated from one to two, with five being the highest.
Trend Micro has rated the worm attack "yellow," which is in the middle of its alert range. The security company has seen thousands of infections from Zotob alone, Hartmann said.
Infected machines can be cleaned up using tools available from antivirus software makers, including Symantec. Windows 2000 users who have not patched, should do so, Microsoft urges.
CNET News.com's Michael Kanellos contributed to this report.
Play video
Service Pack Manager is extremely effective and efficient patch management deployment tool. It gives me 100% control over the patch deployment process in our environment. It lets me patch when I want and what I want. The tool also seamlessly ties into Microsoft's websites so I can research a patch while I am in the application. We also use SPM to update Internet Explorer, Office and ISA with ease. Overall Service Pack Manager is a very affordable, low learning curve application which I would recommend to anyone
Posted by Marshall Doss on Thursday, August 18 2005 10:03 PM