WORM_RBOT.MF - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

WORM_RBOT.MF

Overview

Solution

Technical Details

Malware type: Worm

Aliases: Backdoor.Win32.EggDrop.v (Kaspersky), W32/Sdbot.worm.gen.as (McAfee), W32.Spybot.Worm (Symantec), Worm/Rbot.LG (Avira), W32/Rbot-IP (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

This worm takes advantage of the following Windows vulnerabilities to propagate across networks:

RPC/DCOM vulnerability
RPC Locator vulnerability
IIS/WebDAV vulnerability

More information on these vulnerabilities can be found in the following pages:

It propagates by dropping a copy into accessible network shares by logging on using the account of the currently logged user on the infected system. It may also use a long list of user names and passwords, as well as take advantage of other vulnerabilities, backdoor capabilities of other malware, and certain applications.

It has backdoor capabilities, and may execute commands coming from a remote malicious user. It also performs denial of service (DoS) attacks against target sites and steals CD keys of certain game applications.

It runs on Windows 95, 98,, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 14, 2004 1:03:00 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.