WORM_RBOT.GZ
Overview

Malware type: Worm

Aliases: W32/Pate.dr

In the wild: No

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows systems, which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

More information on this vulnerability can be found in the following Web page:

This worm spreads through network shares. It searches for certain shared folders, where it drops copies of itself. It also uses its own list of user names and passwords to gain access to target systems.

It also has backdoor capabilities. It comes with an Internet Relay Chat (IRC) client, which allows it to connect to an IRC channel. It then listens for commands issued by a remote user to be processed locally on the system.

This worm steals CD keys of certain game applications, and other critical system information. It attempts to send the harvested data to a remote user.

This worm runs on Windows NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 10, 2004 2:05:18 PM GMT -0800
Description updated: Aug. 10, 2004 2:28:14 PM GMT -0800
