The first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets.
The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker, according to early warnings from anti-virus vendors.
The MSRC (Microsoft Security Response Center) described the attack as "extremely targeted" and said it appears to be specifically targeting unpatched Windows 2000 machines.
"[This is] very much unlike what we have seen in the past with recent Internet-wide worms," said MSRC program manager Stephen Toulouse. "In fact, our initial investigation reveals this isn"t a worm in the "auto-spreading" classic sense," he added.