|
Description:
This worm is the first known AGOBOT variant to exploit the Windows LSASS Vulnerability (MS04-11), which is a buffer overrun vulnerability that allows remote code execution and enables an attacker to gain full control of the affected system.
For more information on this vulnerability, please refer to the following Microsoft page:
It also attempts to log on to systems using a list of user names and passwords. It drops a copy of itself into accessible machines.
This worm has backdoor capabilities. It executes commands sent in via Internet Relay Chat (IRC).
It terminates certain antivirus processes and other security-related programs. It also modifies the Windows HOSTS file so that any access to specific antivirus Web sites is redirected to the local machine.
This UPX-compressed worm runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 29, 2004 3:55:40 AM GMT -0800
Description updated: May. 3, 2004 8:55:25 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
