|
Description:
This memory-resident malware has both worm and backdoor capabilities.
Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities to propagate across networks:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) Vulnerability
- RPC Locator Vulnerability
- IIS5/WEBDAV Buffer Overflow Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It drops itself as the file CPSDV.EXE in the Windows system folder and attempts to log into systems using a list of user names and passwords.
It connects to an Internet Relay Chat (IRC) server and joins an IRC channel to receive malicious commands, which it processes on the machine.
It also terminates antivirus-related programs and steals CD keys of certain game applications.
This malware arrives as a PECrypt-compressed executable file and is written using Microsoft Visual C++, a high-level programming language.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 4, 2004 3:22:33 PM GMT -0800
Description updated: Jun. 14, 2004 7:23:43 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
