Malware type: Worm

Aliases: Backdoor.Win32.Rbot.adf (Kaspersky), W32/Sdbot.worm.gen.q (McAfee), W32.Spybot.Worm (Symantec), TR/Crypt.XPACK.Gen (Avira), W32/Rbot-Gen (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This worm propagates via network shares. It drops copies of itself on certain network shared folders. It also uses its own list of user names and passwords to access password-protected shares.

It takes advantage of the following Windows vulnerabilities to propagate across networks:

• RPC/DCOM vulnerability
• Windows LSASS vulnerability

For more information on these vulnerabilities please check Microsoft's Security Bulletins Web site:

• Microsoft Security Bulletin MS03-026
• Microsoft Security Bulletin MS04-011

This worm also connects to an IRC (Internet Relay Chat) server. Once connected, it enables a remote user to issue certain commands locally on the affected machine.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 26, 2005 11:46:03 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.