|
Description:
This memory-resident worm is another variant of the AGOBOT family that exploits the vulnerabilities discussed in the following pages:
This worm propagates through network shares, and drops a copy of itself as DLLSVC32.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.
It also takes advantage of the backdoor components of certain malware if these malware are present in the infected system.
It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities. It is also capable of stealing the CD keys of popular Windows-based applications and terminating certain programs.
This worm also modifies the HOSTS file, which prevents the user from accessing certain antivirus and security Web sites, and is capable of launching distributed denial of service (DDoS) attacks..
It runs on Windows NT, 2000 and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 4, 2004 12:37:01 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
