Description:
This worm arrives as a Windows executable file. Upon execution, it drops a copy of itself in the Windows system folder, then modifies the registry so that it runs automatically at every system startup.
It propagates through network shares. It searches for default shares, then drops a copy of itself on these shares. It also exploits the following Windows vulnerabilities:
- Remote Procedure Call (RPC)/Distributed Component Object Model (DCOM) vulnerability
- Windows LSASS vulnerability
More information can be found on the following pages:
It has backdoor capabilities. It has a built-in Internet Relay Chat (IRC) client engine, which it uses to connect to an IRC server and join an IRC channel. Once connected, it opens a random port, waits for commands from a remote malicious user, and executes these commands on the local machine.
It also performs denial of service (DoS) attacks, terminates antivirus processes, steals CD keys of several popular games, deletes variants of BAGLE and MYDOOM, and modifies the HOSTS file.
Description created: Apr. 7, 2005 12:00:00 AM GMT -0800
Description updated: Apr. 7, 2005 8:32:54 PM GMT -0800