Virus Alerts
W32.Esbot.A Worm
8/17/2005 All Ball State University computer users should be aware of an ongoing threat from the W32.Esbot.A worm. W32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability. This vulnerability, described in Microsoft Security Bulletin MS05-039, could allow remote code execution and elevation of privilege.

When Esbot.A is executed, it creates mutexes so that only one copy of the worm runs on the compromised computer. After it copies itself, it runs itself as a service. This enables a computer to maintain synchronization with a PS/2 pointing device. Stopping or disabling this service will result in system instability.

Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
The e-mail will have the following characteristics:

Also Known As:  Backdoor.Win32.IRCBot.es [Kaspersky Lab], W32/IRCbot.gen [McAfee], W32/Sdbot-ACG [Sophos], BKDR_RBOT.BD [Trend Micro]

To protect your PC from this worm, you should be running Symantec virus definitions version 70816af (extended version: 8/16/2005 rev. 32) or greater, which are required to detect this threat. If you do not have Symantec AntiVirus already installed on your computer system, please visit http://www.bsu.edu/antivirus/.

All Windows computer users should also perform regular updates by going to http://windowsupdate.microsoft.com/ or by configuring the Windows Update Service to perform automatic updates to their computers.