Malware type: Worm

Aliases: Backdoor.Win32.Rbot.acl (Kaspersky), W32/Sdbot.worm.gen.as (McAfee), W32.Spybot.Worm (Symantec), Worm/Rbot.124224 (Avira), W32/Rbot-AXT (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This worm spreads by dropping copies of itself into accessible network shares. It also takes advantage of the following Windows vulnerabilities to propagate:

• Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
• Buffer Overflow in SQL Server 2000
• Windows LSASS vulnerability
• IIS5/WEBDAV vulnerability

For more information about these vulnerabilities, please refer to the following Microsoft Web pages:

• Microsoft Security Bulletin MS03-026
• Microsoft Security Bulletin MS02-061
• Microsoft Security Bulletin MS03-007
• Microsoft Security Bulletin MS04-011

This worm also has backdoor capabilities, and may execute commands coming from a remote malicious user. It also performs distributed denial of service (DDoS) attacks against target sites.

It terminates certain processes and modifies the system's HOST files.

It steals the CD keys of popular PC games.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 8, 2005 11:47:32 PM GMT -0800
Description updated: Jun. 8, 2005 11:47:52 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.