|
Description:
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000
- Windows LSASS Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It scans the network for specific shared folders, where it attempts to drop a copy of itself. It uses a list of passwords in order to gain access to these shares.
This worm has backdoor capabilities. It opens a random port and allows a remote user to access the infected system and perform malicious commands, via Internet Relay Chat (IRC). It can also steal the Windows Product ID and CD keysof popular game applications.
This worm also terminates several processes that are related to antivirus applications, and even other malware programs. It can also prevent a user from accessing antivirus Web sites by redirecting the Internet browser to the local machine whenever specific Web sites are accessed.
This worm It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 25, 2004 10:05:59 AM GMT -0800
Description updated: Aug. 28, 2004 3:16:24 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
