|
Description:
This memory-resident worm spreads through network shares. It uses NetBEUI functions to get any available lists of user names and passwords. It then searches for shared folders and drops a copy of itself using the gathered list.
It takes advantage of the following vulnerabilities:
- Buffer Overflow in SQL Server 2000
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) Vulnerability
- WebDAV Vulnerability
- LSASS Vulnerability
Read more on the said vulnerabilities from the following links:
It also has backdoor capabilities. It opens a random port and attempts to connect to a specific Internet Relay Chat (IRC) server. It allows a remote user to access and perform several malicious commands.
It also steals the CD keys of certain popular game applications as well as the user names and passwords used in AOL and Yahoo messengers.
This Molebox 2–compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 8, 2004 3:09:39 PM GMT -0800
Description updated: Sep. 8, 2004 3:09:36 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
