|
Description:
It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
- RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
This worm propagates via network shares. It uses a list of user names and passwords to access a target system.
This worm has backdoor capabilities. It scans for ports, where it connects with a malicious user and performs certain backdoor commands. It uses Secure Socket Layer (SSL) to encrypt the packets it sends.
It steals CD keys of certain game applications and performs denial of service attacks.
It is also capable of terminating certain antivirus and system applications.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 3, 2004 3:39:26 PM GMT -0800
Description updated: Aug. 3, 2004 4:37:56 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
