|
Description:
Worms are malicious programs that are able to replicate independently across a network, through email, Internet Relay Chat (IRC), or Peer-to-peer applications. They do not infect other files on a computer.
This variant of the WORM_RBOT family mainly propagate through network shares. Upon execution, it drops a copy of itself as the file IEXPL0RES.EXE in the Windows system folder. It then attempts to place copies of itself into accessible shared folders across a network. It may attempt to use its own compiled list of user names and passwords in order to access shared folders that are password protected.
It also takes advantage of the following Windows vulnerabilities to propagate:
- RPC DCOM buffer overflow vulnerability
- LSASS buffer overrun vulnerability
For more information regarding these vulnerabilities, please refer to the following Microsoft Web page(s):
It also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot that allows it to connect to an IRC server. It then waits for commands from a remote user. Once connected, the remote user may gain virtual control of the affected system.
Through this backdoor, the remote user can command the affected system to conduct Distributed Denial of Service (DDoS) attacks, and other malicious actions.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jan. 19, 2005 6:54:47 PM GMT -0800
Description updated: Jan. 19, 2005 6:55:04 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
