|
Description:
This worm spreads through network shares. It gathers available lists of user names and passwords in the system and uses these to drop copies of itself in shared folders in the network. It also uses its own list of user names and passwords.
It has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and then joins an IRC channel to act as a server program controlled by an IRC bot. Once connected, this server program receives commands from the IRC bot.
This worm is capable of automatically notifying the bot of systems that have the following Microsoft Windows vulnerabilities:
- RPC/DCOM vulnerability
- RPC Locator vulnerability
- IIS/WebDAV vulnerability
More information on these vulnerabilities can be found in the following links:
This worm also terminates certain processes. It also steals Windows Product IDs and CD keys of the certain games and launches a denial of service (DoS) attack.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jun. 13, 2004 5:07:02 PM GMT -0800
Description updated: Jun. 13, 2004 5:33:47 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
