Ken Dunham, malicious code manager for Reston, Va.-based iDefense, said Phatbot and Agobot can be some of the toughest bugs to detect and remove from PCs.
"Phatbot and Agobot silently creep along the Internet at a constant and aggressive rate, but tend not to get much attention from the antivirus companies," Dunham said. "In reality, they are among the most prolific and dangerous threats out there."
New versions of Phatbot and Agobot infected hundreds of thousands of computers in March, according to experts at cybersecurity firms F-Secure and LURHQ. The attack prompted the Department of Homeland Security's cybersecurity division to alert the computer security community because of its ability to elude easy identification and removal.
At the University of North Texas in Denton, nearly every one of the 50 administrative computers infected with Sasser also harbored the latest version of Agobot, said Rich Anderson, the school's senior information security analyst.
Three days before the Sasser worm surfaced, the school quarantined about 400 computers that had been infected with the latest version of Agobot, Anderson said.
Mario Rajan, co-owner of Tek Helper, a computer repair company in Chevy Chase, Md., said that about 15 of the 20 Sasser-infected computers he serviced also contained Phatbot worms. "The thing is that the user doesn't realize they have tons of viruses on their computers until Sasser shuts them down."
Mikko Hypponen, director of antivirus research at F-Secure Corp., in Finland, said that sometimes it is easier to reinstall the entire operating system than try to search around for dozens of bugs that might be hiding in the computer.
In general, security companies recommend that computer users frequently update their antivirus software, run firewall programs and download patches for security holes that software companies discover (see washingtonpost.com's guide to removing the Sasser worm and getting rid of "bot" programs for more information and links).