TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_RBOT.BO
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.gen (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.Spybot.Worm (Symantec), Worm/Rbot.CE (Avira), W32/Rbot-FB (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm spreads via network shares, and takes advantage of the following Windows vulnerability to propagate across networks:

    Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability

For more information about this Windows vulnerability, please refer to the following Microsoft Web page:

This worm attempts to log on to systems using a list of user names and passwords hardcoded in its body. It then drops a copy of itself in the accessed machines.

This worm also steals the CD keys of certain game applications. It also has backdoor capabilities and may execute commands issued by a remote user.

This worm runs on Windows NT, 2000 and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 3, 2004 4:25:05 PM GMT -0800
Description updated: Jul. 3, 2004 4:41:51 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.