The Zotob worm is similar to the previous major worms Sasser and Blaster. However, it has apparently spread more quickly than any other worm to date. And it has hit several high-profile media companies, including CNN, Time Warner, ABC, the AP, and the New York Times.

Security software company McAfee has said that the worm, technically referred to the company as W32/IRCbot.worm!MS05-039 or IRCbot.worm!MS05-039, is an Internet Relay Chat (IRC) Bot that has the ability to spread by exploiting systems that are not yet patched for the MS05-039 vulnerability.

The IRCbot.worm!MS05-039 worm appeared seven days from the initial announcement of the Microsoft vulnerability, McAfree said, demonstrating the fastest time between the announcement of a vulnerability and the success of a mass propagating exploit - even faster than Sasser, which took 14 days. The threat presented by this worm has been upgraded to High by McAfee.

Security software company Symantec, meanwhile, has identified six variants of the Zotob worm, and offers solutions for each. Versions of Windows from 95 forward are susceptible to one or more of the variants. Although it classifies the threat as "wild" in its nomenclature, it also states that it is "easy" to contain and remove the virus.

Patrick Runald, a senior anti-virus consultant with F-Secure, the computer security firm reportedly said "Companies are aware that there are vulnerabilities in Windows which they should police. It seems most likely that at each of the infected companies employees have used laptops outside corporate firewalls that were infected and then linked back into the network."

The Blaster virus writer, 19-year-old Jeffrey Parson of Hopkins, MN, has gone to prison in the U.S. for his activity. Convicted Sasser author Sven Jaschan of Waffensen, Germany, was given a suspended sentence in a Germany court.

                    
Jeffrey Parson             Sven Jaschan