|
Description:
This memory-resident worm spreads via network shares. It exploits the following vulnerabilities to propagate across networks:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Windows LSASS vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It scans the system for available lists of user names and passwords, which it uses to gain access to target systems. It may also use a hardcoded list of user names and passwords, aside from the gathered data. It then drops a copy of itself in accessed network shares.
It has backdoor capabilities, which enable it to act as an Internet Relay Chat (IRC) bot. This allows a remote user to access the infected system and perform malicious commands. It can also steal the Windows product ID and CD keys of popular game applications.
For additional information about this threat, see:
Solution
Technical Details
Description created: Mar. 18, 2005 1:05:29 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
