|
Description:
This worm spreads via network shares. It attempts to log onto systems using a list of user names and passwords hardcoded it its body. It then drops a copy of itself as CSRSSS.EXE in the accessed machines.
This worm also exploits the following Windows vulnerabilities to propagate across networks.
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- RPC Locator vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
For more information about these Windows vulnerabilities,
please refer to the following Microsoft Web pages:
It has backdoor capabilities and may execute several remote commands in the host machine. It also terminates certain antivirus processes, as well as running processes that belong to other malware files
Also, this worm steals Windows product ID information, as well as the CD keys of certain game applications.
This worm is written and compiled using Microsoft Visual C++. It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jul. 13, 2004 2:21:33 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
