Machines connected to the Internet and not having installed patch MS06-040 released by Microsoft last week are now vulnerable for being hijacked by a new worm, a variant of the Mocbot trojan. This first appeared in August 2005 as the Zotob-worm.
Security firms expect this worm-attack to grow like a big one, despite this worm seemingly only to attack Windows 2000 machines.
Once installed into the system, the bot will connect to an IRC server and wait there for commands from the dronemaster. The hosts in question are bbjj.househot.com:18067 and ypgw.wallloan.com:18067.
It is using the same IP and host for the IRC server as the original Zotob-worm, which are located in China. It is quite hard to get cooperation from Chinese owners to get such machines off line or cleaned.
Thanks to upinsmoke for the tip.