WORM_MOFEI.C
Overview

Malware type: Worm

Aliases: W32/MoFei.worm (McAfee), W32.Femot.D.Worm (Symantec), Worm/Mofei.C2 (Avira), W32/Mofei-B (Sophos)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, NT, ME, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

To propagate, this network worm attempts to log on to remote systems using a predefined list of weak passwords. Then, it drops and executes a copy of itself on the compromised machine.

It also has keylogging and backdoor capabilities. Once active, this worm acts as a backdoor server and waits for commands from a remote client program, leaving the system vulnerable to unauthorized remote access. It allows remote users running the client program to do the following:

  • Get Windows command shell
  • Run a command based on user’s access
  • Execute a DOS command
  • Create/Delete/Change/Get directory
  • Download file from the Internet
  • List/Delete files
  • Bind a port

Some versions of this worm contain errors that leave them unable to propagate.

This malware runs on Windows 95, 98, ME, NT, 2000 and XP. However, it behaves differently on systems running Windows 95, 98, and ME.

For more information, refer to the Technical Details section. Note that TrendLabs is currently working to provide more information on this malware.


Description created: Jul. 11, 2003 1:36:08 PM GMT -0800
