TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_RBOT.AOS
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.gen (Kaspersky), W32/Sdbot.worm.gen.t (McAfee), W32.HLLW.Gaobot (Symantec), TR/Crypt.XPACK.Gen (Avira), W32/Rbot-Gen (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This memory-resident worm propagates across networks by dropping a copy of itself into systems using a list of user names and passwords.

It also takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about the said Windows vulnerability, please refer to the following Microsoft Web page:

It tries to access a specific site and functions as an Internet Relay Chat (IRC) bot that connects to TCP port 30105 on certain IRC servers. It then joins an IRC channel to receive several malicious commands from a remote user.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 27, 2005 5:52:34 PM GMT -0800
Description updated: Feb. 27, 2005 5:52:37 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.