Description:
This variant of the Mumu worm spreads through network shares. It propagates by penetrating systems with weak administrator passwords and copying its program to the vulnerable systems.
It attempts to spread by locating Server Message Block (SMB) shares. It penetrates these shares using a list of weak administrator passwords.
To carry out its malicious routines, this worm drops several files upon execution, including two malware components detected as BAT_SPYBOT.A and TROJ_HACLINE.A.
It uses two ways to infiltrate its host system and execute its malicious program:
- remote connection - done through IP scanning
- local shared connection - done by finding established connections
It runs on Windows 95, 98, ME, 2000, XP and NT, but replicates successfully only on Windows NT, 2000 and XP, because the shared folder it targets is available only on those platforms.
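A detection sketch for the spreading behaviour described above, added here as an example and not part of the original description: it flags a source address whose failed network logons for administrator accounts reach several hosts within a short window, and notes hosts where a success followed. The record layout, sample records, account names and thresholds are constructed assumptions; 4625, 4624 and logon type 3 are the Windows Security log values for a failed logon, a successful logon and a network logon.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample records (not from the page):
# time, target host, event ID, logon type, account, source IP
SAMPLE_LOG = """\
2024-01-10T09:00:01,WS-01,4625,3,Administrator,10.0.0.50
2024-01-10T09:00:02,WS-01,4625,3,Administrator,10.0.0.50
2024-01-10T09:00:03,WS-01,4624,3,Administrator,10.0.0.50
2024-01-10T09:00:05,WS-02,4625,3,Administrator,10.0.0.50
2024-01-10T09:00:06,WS-02,4625,3,Administrator,10.0.0.50
2024-01-10T09:00:08,WS-03,4625,3,admin,10.0.0.50
2024-01-10T09:00:09,WS-03,4625,3,admin,10.0.0.50
2024-01-10T09:10:00,WS-02,4625,3,Administrator,10.0.0.77
2024-01-10T09:30:00,WS-04,4625,2,Administrator,10.0.0.50
"""
ADMIN_NAMES = {"administrator", "admin"}  # assumed account names to watch

def find_spreaders(log_text, window=timedelta(minutes=5), min_hosts=3):
    """Return {source_ip: {"hosts": [...], "compromised": [...]}} for sources whose
    failed admin network logons hit at least min_hosts hosts within window."""
    failures = defaultdict(list)   # source -> [(time, host)]
    successes = defaultdict(list)  # source -> [(time, host)]
    for ts, host, event_id, logon_type, account, src in csv.reader(StringIO(log_text)):
        if logon_type != "3" or account.lower() not in ADMIN_NAMES:
            continue  # only network logons (as made to SMB shares) for admin accounts
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures[src].append((when, host))
        elif event_id == "4624":
            successes[src].append((when, host))
    findings = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                # A success after failures on the same host suggests a guessed password.
                hit = sorted({h for t, h in successes[src]
                              if any(fh == h and ft <= t for ft, fh in events)})
                findings[src] = {"hosts": sorted(hosts), "compromised": hit}
                break
    return findings

if __name__ == "__main__":
    print(find_spreaders(SAMPLE_LOG))
```

Hosts listed under `compromised` are the ones to isolate and check for the dropped files first; the remaining hosts were probed without a recorded successful logon.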
Description created: Jul. 6, 2003 12:49:23 AM GMT -0800
Description updated: Jul. 1, 2003 12:00:00 AM GMT -0800