|
Description:
Like most RBOT worms, this variant propagates via network shares. It uses a list of common user names and passwords to access shares that do not have full access rights and drops and executes a copy of itself on successfully accessed shares.
It also exploits the following known Windows security holes:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overrun vulnerability
- Windows LSASS vulnerability
The following Microsoft pages offer more information about these vulnerabilities:
This worm also has backdoor functionalities. It comes with a built-in Internet Relay Chat (IRC) client engine, which enables it to connect to an IRC channel and wait for commands from a malicious user. It processes the commands on the local machine giving remote users virtual control of the infected system.
This worm steals the CD keys of certain game applications.
It enables malicious users to launch denial of service (DoS) attacks against target site(s) and terminates certain processes.
This worm runs on Windows 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 31, 2004 10:24:20 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
