WORM_RANDEX.Q
Overview

Malware type: Worm

Aliases: I-Worm.Simbolos, W32.Randex.Q

In the wild: No

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, 2000, NT, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

This malware has both worm and backdoor capabilities.

To propagate, it obtains user names and attempts to connect to remote machines, using each obtained user name as both the user name and the password. In effect, any account whose password is the same as its logon name allows this worm to propagate.
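The propagation behavior described above appears in authentication logs as one source trying many different accounts with only one or two attempts each. The following is an added detection example, not part of the original description; the record layout, host addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records: (timestamp, source host, account, success)
SAMPLE_EVENTS = [
    ("2003-10-08T09:00:01", "10.0.0.23", "Administrator", False),
    ("2003-10-08T09:00:03", "10.0.0.23", "guest", True),
    ("2003-10-08T09:00:05", "10.0.0.23", "jsmith", False),
    ("2003-10-08T09:00:07", "10.0.0.23", "backup", False),
    ("2003-10-08T09:00:09", "10.0.0.23", "mlee", False),
    ("2003-10-08T09:10:00", "10.0.0.40", "alice", False),
    ("2003-10-08T09:10:20", "10.0.0.40", "alice", False),
    ("2003-10-08T09:10:45", "10.0.0.40", "alice", False),
    ("2003-10-08T09:11:10", "10.0.0.40", "alice", True),
    ("2003-10-08T09:20:00", "10.0.0.51", "bob", False),
    ("2003-10-08T09:20:30", "10.0.0.51", "carol", True),
]

def find_account_sweeps(events, window=timedelta(minutes=5),
                        min_accounts=4, max_tries=2):
    """Flag sources that, inside one sliding window, try at least
    `min_accounts` distinct accounts with at most `max_tries` attempts
    per account. Returns {source: {"accounts": [...], "succeeded": [...]}}."""
    by_source = defaultdict(list)
    for ts, src, account, ok in events:
        by_source[src].append((datetime.fromisoformat(ts), account.lower(), ok))
    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            tries = defaultdict(int)
            for _, acct, _ in span:
                tries[acct] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                hit = findings.setdefault(src, {"accounts": set(), "succeeded": set()})
                hit["accounts"].update(tries)
                hit["succeeded"].update(a for _, a, ok in span if ok)
    return {s: {k: sorted(v) for k, v in f.items()} for s, f in findings.items()}

if __name__ == "__main__":
    for source, detail in find_account_sweeps(SAMPLE_EVENTS).items():
        print(source, detail)
```

Accounts listed under `succeeded` are the first candidates for a password reset, and the flagged source is the first host to examine for infection.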

As a backdoor, it allows a remote user to gain access to a target system via IRC (Internet Relay Chat). It may execute the following commands for the remote malicious user:

  • Upload/download programs on the infected machine
  • Open a file remotely
  • Get system information about the affected machine (e.g., processor speed, memory size, operating system, etc.)
  • Scan for ports
  • Join/leave a specified IRC channel
  • Uninstall a copy of itself
  • Visit a URL
  • Update a copy of itself
  • SYN flood a target host

It also deletes the system file NETSTAT.EXE from the Windows system folder.

Developed in Visual C++, this malware usually arrives as a Win32 executable file compressed with the Aspack utility. It runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 8, 2003 12:48:03 PM GMT -0800
Description updated: Oct. 24, 2003 12:45:30 AM GMT -0800
