Description:
This worm scans for network shares on random IP addresses. If it has full access rights to a target system, it copies itself to the shared folders.
If it has restricted access, it attempts to log on to the target system using a list of weak user names and passwords. It may also gather user names and passwords from the system's cache. If it successfully drops a copy of itself, it attempts to use the Schedule service to automatically execute itself.
It is capable of automatically notifying the bot of systems that have the following Microsoft Windows vulnerabilities:
- RPC/DCOM vulnerability
- IIS/WebDAV vulnerability
- LSASS vulnerability
This worm also has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server, where it listens for commands coming from a malicious user. It executes the commands locally on an affected machine, providing the malicious user virtual control over the system.
It also steals the Microsoft Windows Product ID and the CD keys of certain game applications.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
Description created: Sep. 5, 2004 4:50:58 PM GMT -0800
Description updated: Sep. 10, 2004 12:16:51 AM GMT -0800