|
Description:
This memory-resident propagate via network shares. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
- RPC Locator vulnerability
- Microsoft Workstation Service Buffer Overrun vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It attempts to log on to systems using a predefined list of user names and passwords.
It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and steals the CD keys of certain game applications.
It also disables access to certain antivirus Web sites by modifying the Windows HOSTS file.
This worm runs on Windows NT, 2000 and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 19, 2004 1:22:38 AM GMT -0800
Description updated: Jun. 30, 2004 12:38:32 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
