The new Spybot and the attack against Windows NT machines seem to be separate, Symantec said. It has deployed honey pot systems in the hopes of collecting a sample of the new NT worm.
Windows NT users are particularly vulnerable to attack, Cole added, since the aged operating system has been dropped from Microsoft's support list; the Redmond, Wash. developer stopped issuing security fixes for NT on the last day of 2004.
"There's been a lot of activity exploiting the MS06-040 vulnerability," said Cole. "Randex, Stration, a number of threats. Once an exploit is released, everyone scrambles to include it."
By Symantec's tally, six known bots are leveraging the MS06-040 exploit. That was enough for the Cupertino, Calif. security company to push its ThreatCon security status ranking from "1" to "2" on Thursday.
"It's a cumulative thing," said Cole, acknowledging that no single exploit caused the company to up its alert level. "The increase in infection angles and the activity on port 139 and 445 shows it's a problem across the board."
Both Symantec and the ISC urged users to patch their systems with the fix issued with MS06-040. If patching isn't possible -- or one is simply not available, as is the case for Windows NT users -- users should filter or block TCP ports 139 and 445, the pair advised.