We're looking into a W32.Spybot.Worm infection on a PC that was left here clean yesterday. The PCs are behind an ADSL router and have Norton AV, which detected svhost.exe as having W32.Spybot.Worm today.
It appears that the only event that might have brought the worm in was Battlefield 1942, which was played on the XP PC on the local network last night. During that session, he was kicked off a Battlefield server by PunkBuster for spamming, which makes me think the Spybot was busy.
I've read a little bit about Battlefield using IRC to various degrees for its communication. Is it possible that the worm could have been installed on his PC via IRC connections within Battlefield?
We did find his administrator password was weak... well, non-existent.