TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_AGOBOT.AAU
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Wootbot.p (Kaspersky), W32/Sdbot.worm.gen.as (McAfee), W32.Spybot.Worm (Symantec), Worm/WootBot.75264 (Avira), W32/Forbot-CQ (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000 , XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This memory-resident worm propagates across networks by exploiting the Windows LSASS vulnerability, which could allow remote code execution on an affected system. For more information about the said Windows vulnerability, please refer to the following Microsoft Web page:

It also attempts to delete several antivirus and security programs and certain shared folders.

This worm runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 6, 2004 3:57:53 AM GMT -0800
Description updated: Nov. 5, 2004 3:57:51 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.