|
Description:
This worm takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- RPC Locator vulnerability
- Workstation Service vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It is capable of scanning network shares on random IP addresses. If it has full access rights to a remote system, it copies itself to the shared folders. If it has restricted access, it attempts to log on to the remote system using a long list of user names and passwords.
It has backdoor capabilities. It executes commands sent in via Internet Relay Chat (IRC) and can be used to launch a Denial of Service (DoS) attack against specified target sites.
It terminates certain antivirus processes. It steals the CD keys of popular game applications.
This worm runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Dec. 20, 2004 11:40:21 AM GMT -0800
Description updated: Dec. 21, 2004 1:16:57 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
