Description:
This memory-resident worm propagates across networks by exploiting the following vulnerabilities:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overrun vulnerability
- LSASS vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It also uses NetBEUI functions to obtain lists of available user names and passwords. It then enumerates all available network shares and uses the gathered user names and passwords to log on to remote machines and drop a copy of itself into the shares it finds.
(Note: NetBEUI is short for NetBIOS Extended User Interface. It is an extended version of NetBIOS, the program that lets machines communicate within a local area network.)
This worm opens various ports and operates as an Internet Relay Chat (IRC) bot that connects to an IRC server. It then joins an IRC channel to receive malicious commands from a malicious user.
Moreover, it steals the product ID of Windows as well as the CD keys of certain game applications.
It runs on Windows NT, 2000, and XP.
Description created: Dec. 2, 2004 5:05:49 AM GMT -0800
Description updated: Dec. 2, 2004 10:11:44 AM GMT -0800