|
Description:
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Windows LSASS vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It uses a list of user names and passwords to log on to target network shares, where it then attempts to drop a copy of itself.
It has backdoor capabilities, which allows it to act as a server program controlled by Internet Relay Chat (IRC). This allows a remote user to access the infected system and perform malicious commands. It can also steal the Windows product ID and CD keys of popular game applications.
This worm also has the ability to launch denial of service (DoS) attacks to certain locations using various flooding methods. It can also terminate certain processes, most of which are related to other malware programs.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 12, 2005 7:51:45 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
