WORM_RBOT.DN
Overview

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.aqo (Kaspersky), W32.Spybot.Worm (Symantec), Worm/Rbot.DE (Avira), W32/Rbot-IU (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows systems, which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

More information on this vulnerability can be found in the following Web page:

It also exploits the Windows LSASS Vulnerability. This is a buffer overrun vulnerability that allows remote code execution. Once successfully exploited, a remote attacker is able to gain full control of the affected system.

More information on this vulnerability can be found in the following Web pages:

This worm spreads via network shares. It searches for certain shared folders, where it drops copies of itself. It also uses its own list of user names and passwords to gain access to target systems.

It also has backdoor capabilities. It comes with an Internet Relay Chat (IRC) client, which allows it to connect to an IRC channel. It then listens for commands issued by a remote user to be executed locally on the system.

This worm steals CD keys of certain software and terminates certain processes. It runs on Windows NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 15, 2004 10:56:02 AM GMT -0800
Description updated: Jul. 21, 2004 4:16:14 PM GMT -0800
