TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_AGOBOT.AAH
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Wootbot.gen (Kaspersky), W32/Sdbot.worm.gen.as (McAfee), W32.Spybot.Worm (Symantec), Worm/WootBot.89600 (Avira), W32/Forbot-CB (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm takes advantage of the Windows LSASS vulnerability.

For more information about this Windows vulnerability, please refer to the following Microsoft Web page:

It also attempts to log on to systems using a list of user names and passwords. It drops a copy of itself into accessible machines.

This worm has backdoor capabilities. It executes commands sent in via Internet Relay Chat (IRC) and can be used to launch a Denial of Service (DoS) attack against specified target sites.

It steals the CD keys of popular game applications. It also has the ability to steal Windows product IDs and AOL screen names.

It installs a keylogger on the infected system.

This worm runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 26, 2004 7:23:32 PM GMT -0800
Description updated: Oct. 26, 2004 7:47:30 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.