|
Description:
This worm spreads via network shares. It attempts to log onto systems using a list of a combination of common user names and passwords that are hardcoded it its body. It then drops a copy of itself as MSLTI64.EXE in the accessed machines.
This worm exploits the following Windows vulnerabilities to propagate across networks.
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Bbuffer Overrun vulnerability
- LSASS vulnerability
For more information about these Windows vulnerabilities,
please refer to the following Microsoft Web pages:
It has backdoor capabilities and may execute several remote commands in the host machine. It also terminates certain antivirus processes, and modifies entries on the system's HOSTS file so that users cannot access ativirus Web sites.
Additionally, this worm gathers Windows product IDs, AOL screen name information, as well as email addresses from MSN and Windows Address Book of the system. It also steals CD keys of certain game applications.
This worm runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jul. 27, 2004 10:26:22 AM GMT -0800
Description updated: Aug. 24, 2004 4:26:38 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
