|
Description:
This memory-resident worm is another variant of the AGOBOT family that exploits the vulnerabilities discussed in the following pages:
This worm propagates through network shares, and drops a copy of itself as CSASS.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.
It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities. It is also capable of stealing the CD keys of popular Windows-based applications and terminating certain programs.
This worm also is capable of launching distributed denial of service (DDoS) attacks.
Lastly, it modifies the HOSTS file, which prevents the user from accessing certain antivirus and security Web sites.
It runs on Windows NT, 2000 and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 27, 2004 4:01:36 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
