Security researchers late yesterday spotted botworms exploiting a zero-day bug in Microsoft Corp.’s Windows DNS Server Service, confirming suspicions earlier in the day that hackers were sniffing out vulnerable systems. McAfee Inc.’s Avert Labs was the first to report that a new Nirbot variant — the worm also goes by the name Rinbot — was trying to exploit the DNS vulnerability in the wild. In a blog entry yesterday afternoon, virus research manager Craig Schmugar said the botworm was an “internet relay chat [IRC] controlled backdoor, which provides an attacker with unauthorized remote access to the compromised computer.” Later Monday, McAfee announced it had found a second Nirbot/Rinbot variant exploiting the bug. Full Story