
WINS Worm on the Loose

posted on January 8, 2005
by hitbsecnews

It seems there is a Trojan on the loose that exploits the recent WINS vulnerability described in MS04-045. The Trojan, known as Troj/Winser-A, attempts to spread using the WINS vulnerability while backdooring compromised systems along the way.
The main part of the Trojan is called ccEvtMngr.exe, an attempt to masquerade as ccevtmgr.exe, an executable that is part of the Norton Internet Security suite. This file is 139 Kbytes in size and contains another file called ccSetMngr.ext, which the Trojan attempts to drop onto the system.

The main Trojan attempts to spread using the WINS vulnerability described in MS04-045 over connections on TCP port 42. If a machine is successfully compromised, the Trojan connects back to the attacking machine on TCP port 37264. This connection is effectively a reverse shell, which the attacking machine uses to upload and execute a batch file. The batch file runs FTP to grab a copy of the Trojan from an FTP server running on TCP port 36010 and then installs the Trojan on the compromised system.

This whole infection process seems to be controlled via an IRC botnet running on the IRC server at irc.bel3c.com.
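
For defenders, the three-stage network pattern described above (inbound TCP 42, callback to the same peer on TCP 37264, then an FTP fetch on TCP 36010) can be correlated in flow logs. The following is an added example, not part of the original article; the CSV flow format, the 10-minute window, and the sample addresses are constructed assumptions.

```python
import csv
import io

WINS_PORT = 42        # WINS port targeted via MS04-045 (from the article)
SHELL_PORT = 37264    # reverse-shell callback port (from the article)
FTP_PORT = 36010      # non-standard FTP port serving the Trojan (from the article)
WINDOW = 600          # assumption: each stage follows the previous within 10 minutes

# Constructed sample flow log: epoch_seconds,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
1000,198.51.100.7,10.0.0.5,42
1004,10.0.0.5,198.51.100.7,37264
1010,10.0.0.5,203.0.113.9,36010
1020,10.0.0.8,10.0.0.5,42
1500,10.0.0.9,192.0.2.44,36010
2000,198.51.100.7,10.0.0.6,42
"""

def parse_flows(text):
    """Parse the constructed CSV format into time-sorted (ts, src, dst, dport) tuples."""
    rows = [(int(t), s, d, int(p)) for t, s, d, p in csv.reader(io.StringIO(text))]
    return sorted(rows)

def find_infection_chains(flows, window=WINDOW):
    """Return one finding per host showing WINS hit -> callback -> FTP fetch."""
    wins_hits = {}   # (victim, attacker) -> time of inbound TCP/42
    callbacks = {}   # victim -> (attacker, time of outbound TCP/37264)
    findings = []
    for ts, src, dst, dport in flows:
        if dport == WINS_PORT:
            wins_hits[(dst, src)] = ts
        elif dport == SHELL_PORT:
            # Only counts if this peer touched our WINS port shortly before.
            hit = wins_hits.get((src, dst))
            if hit is not None and ts - hit <= window:
                callbacks[src] = (dst, ts)
        elif dport == FTP_PORT and src in callbacks:
            attacker, cb_ts = callbacks[src]
            if ts - cb_ts <= window:
                findings.append({"victim": src, "attacker": attacker,
                                 "ftp_server": dst, "completed_at": ts})
                del callbacks[src]
    return findings

if __name__ == "__main__":
    for finding in find_infection_chains(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

A WINS connection alone, or a lone connection to port 36010, is not reported; only the full ordered chain on one host produces a finding.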
