TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_ESBOT.C
Also known as: CME-284
Overview
Solution

Malware type: Worm

Aliases: W32/Sdbot.worm.gen.by (McAfee), W32.Esbot.B (Symantec), DR/IRCBot.8184.B (Avira), W32/Hwbot-B (Sophos), Worm:Win32/Esbot.B!CME-284 (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding the said vulnerability, refer to the following Microsoft Web page:

Note that the said propagation routine works only on Windows NT and 2000 because the Microsoft Windows Plug and Play vulnerability has inherent characteristics that prevent this worm from exploiting it on Windows 95, 98, ME, XP, and Server 2003.

This worm also has backdoor capabilities. It uses various ports to connect to a specific Internet Relay Chat (IRC) server and join a particular IRC channel. Once connected, it acts as a backdoor that enables a remote malicious user to issue certain commands locally on an affected machine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 17, 2005 8:49:32 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.