WORM_AGOBOT.XM
Overview

Malware type: Worm

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm arrives via network shares. To propagate, it uses NetBEUI functions to obtain lists of user names and passwords from a system. It then enumerates available network shares and uses the gathered user names and passwords to access these shares and drop a copy of itself.

In addition to the credentials gathered from the system, it uses a separate list of user names and passwords. It also generates IP addresses and attempts to drop copies of itself in the default shares of target systems.

It also exploits the following Windows vulnerabilities to propagate:

  • RPC/DCOM vulnerability
  • RPC Locator vulnerability
  • IIS/WebDAV vulnerability

More information on these vulnerabilities can be found in the following Web pages:

This worm has backdoor capabilities. It acts as a server program controlled by an Internet Relay Chat (IRC) bot. It connects to an IRC server and then joins an IRC channel.

Once connected, this server program receives commands from the IRC bot. The bot inputs the commands in the IRC console and waits to receive information from the server. These commands are used to control the target system and the behavior of the server program.

This worm is also capable of gathering CD keys from certain software. It also allows remote users to launch flood attacks from infected machines against a target site.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 24, 2004 12:58:27 AM GMT -0800
