TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_ESBOT.A
Also known as: CME-354
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.IRCBot.es (Kaspersky), W32/IRCbot.gen.b (McAfee), W32.Esbot.A (Symantec), Worm/SdBot.8201 (Avira), W32/Sdbot-ACG (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the following Microsoft Web page:

(Note: The said propagation routine works only on Windows NT and 2000 because the Microsoft Windows Plug and Play vulnerability has inherent characteristics that prevent this worm from exploiting it on Windows XP and Server 2003.)

It uses various ports to connect to an IRC server and join a specific IRC channel. Once connected, it acts as a backdoor that enables a remote malcious user to issue certain commands locally on an affected machine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 17, 2005 5:43:26 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.