A series of worms written to exploit a PnP networking vulnerability in Microsoft Windows are competing against each other for supremacy.
The vulnerability that the worms are scrapping over is identified by Microsoft as MS05-039 and can result in "Remote Code Execution and Local Elevation of Privilege". One of the worms taking advantage of un-patched systems is Zotob, which we reported on recently.
What's interesting is F-Secure's analysis of all of the worms going to work on the vulnerability and what they're doing to any other worms that have already taken root.
The F-Secure weblog details their findings, accompanied by a superb diagram.
Variants from both IRCBot and Bozori families are deleting competing PnP bots.
So, if your system has been exploited by a bot trying to zombify your machine, rest assured that another bot will be along to oust the existing bot and hand your CPU power over to a different set of unscrupulous characters.
