|
Description:
This memory-resident worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:
- Buffer Overfow in Universal Plug and Play
- Elevation of Privilege in SQL Server Web Tasks
- RPC Locator vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- MS Workstation Service Vulnerability
- Buffer Overrun in LSASS Could Allow Code Execution
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and steals the Windows product ID and the CD keys of certain game applications.
It also disables access to certain antivirus Web sites by modifying the Windows HOSTS file.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 1, 2004 2:09:46 AM GMT -0800
Description updated: Sep. 1, 2004 2:44:12 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
