|
Description:
This malware spreads through network shares. It uses NetBEUI functions to gather cached passwords of the currently logged user. It then uses the gathered passwords to log on to accessible network shares, where it will drop and execute a copy. If this fails, the malware may also use a hardcoded list of user names and passwords.
This worm can also take advantage of the following vulnerabilities to facilitate its propagation:
- Buffer Overflow in Universal Plug and Play
- Buffer Overflow in SQL Server 2000
- Locator Service Vulnerability
- WebDAV vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- MS Workstation Service Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and steals the Windows product ID and the CD keys of certain game applications.
It also disables access to certain antivirus Web sites by modifying the Windows HOSTS file.
This worm runs on Windows NT, 2000 and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 14, 2004 8:13:07 PM GMT -0800
Description updated: May. 14, 2004 8:41:29 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
