Description:
This memory-resident malware has both worm and backdoor capabilities. It attempts to access shared network drives using a list of weak user names and passwords.
It also exploits the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this vulnerability, refer to the following Microsoft Web page:
It opens port 6667 to connect to an Internet Relay Chat (IRC) server, where it receives malicious commands from a remote user. It also listens on ports 4444, 1136, and 10057 for other malicious commands.
It terminates several antivirus-related programs. It modifies the HOSTS file to prevent an affected user from accessing Web sites of several antivirus and security companies.
This UPX-compressed malware is written in Microsoft Visual C++, a high-level programming language, and runs on Windows NT, 2000, and XP.
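A triage check for the port and HOSTS-file behaviour described above, as an added example that is not part of the original description: it flags HOSTS entries that pin names to loopback or 0.0.0.0, and `netstat -an` rows showing a listener on port 4444, 1136, or 10057 or an established session to port 6667. The function names, sample hostnames, and sample addresses are constructed for illustration, and the Windows `netstat -an` column layout is assumed.

```python
import ipaddress
import re
LISTEN_PORTS = {4444, 1136, 10057}   # listener ports named in the description
IRC_PORT = 6667                      # outbound IRC port named in the description
DEFAULT_NAMES = {"localhost"}        # expected loopback entry in a stock HOSTS file
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)", re.I)
# Constructed sample inputs (hostnames and addresses are placeholders).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   av-vendor.example
0.0.0.0     updates.security-vendor.example  # constructed entry
10.0.0.5    fileserver.corp.example
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING
  TCP    0.0.0.0:4444       0.0.0.0:0          LISTENING
  TCP    192.0.2.10:1045    198.51.100.7:6667  ESTABLISHED
  TCP    192.0.2.10:1046    198.51.100.8:80    ESTABLISHED
"""

def audit_hosts(text):
    """Return (line_no, address, name) for names pinned to loopback or 0.0.0.0."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line
        if addr.is_loopback or addr.is_unspecified:
            findings += [(line_no, str(addr), n.lower()) for n in fields[1:]
                         if n.lower() not in DEFAULT_NAMES]
    return findings

def audit_netstat(text):
    """Return (kind, port, address) for listeners and IRC sessions of interest."""
    findings = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        local, lport, remote, rport, state = m.groups()
        if state.upper() == "LISTENING" and int(lport) in LISTEN_PORTS:
            findings.append(("listener", int(lport), local))
        elif state.upper() == "ESTABLISHED" and int(rport) == IRC_PORT:
            findings.append(("irc-outbound", int(rport), remote))
    return findings

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS), audit_netstat(SAMPLE_NETSTAT))
```

Findings are leads for review, not verdicts: ad-blocking HOSTS lists also map names to 0.0.0.0, and port 6667 carries ordinary IRC traffic.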
Description created: Jun. 7, 2004 12:30:13 AM GMT -0800
Description updated: Jun. 30, 2004 5:42:53 PM GMT -0800