Clever Bots

Bot software that infects vulnerable computers has evolved and now typically consists of modular architectures into which new functionality can be plugged quickly and easily. For example, the latest exploits for Microsoft's operating system are incorporated into such bot software in weeks, if not days.

Security Focus reports the Zotob worms compromise systems by sending data on port 445. If a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread further. The worm still has some bot functionality: Computers infected with the worm will join an Internet relay chat (IRC) session at a predefined addresses. An attacker who knows the IRC channel password can command the bot to disconnect or reconnect to the IRC channel, obtain system information, clean itself from the system, modify security settings, and download or execute files.