Description:
This worm propagates via network shares. However, if these shared folders have restricted access rights, it attempts to brute-force its way into these protected shares by logging on using a hardcoded list of user names and passwords.
It also exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control over an affected system. This vulnerability is discussed in detail in the following pages:
This worm connects to an IRC (Internet Relay Chat) server having the IP address 65.75.154.10 at port 13001. It then joins a specific channel, where it listens for certain commands coming from a malicious user.
It runs on Windows 2000 and XP.
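A defender-side illustration of the two network behaviours described above (spreading over Windows shares and checking in to the IRC server at 65.75.154.10 port 13001), added here and not part of the original description: it flags hosts in a connection log that show either or both. The log format, the sample lines, the use of TCP 139/445 as the share-traffic indicator, and the fan-out threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

C2_ENDPOINT = ("65.75.154.10", 13001)  # IRC server and port named in the description
SMB_PORTS = {139, 445}                 # assumption: Windows file-sharing ports
FANOUT_THRESHOLD = 5                   # assumption: distinct SMB peers per window
WINDOW = timedelta(minutes=1)          # assumption: correlation window

# Constructed sample log, hypothetical format: "ISO-time src dst dport"
SAMPLE_LOG = """\
2004-09-21T10:00:01 10.0.0.7 10.0.0.21 445
2004-09-21T10:00:03 10.0.0.7 10.0.0.22 445
2004-09-21T10:00:05 10.0.0.7 10.0.0.23 139
2004-09-21T10:00:08 10.0.0.7 10.0.0.24 445
2004-09-21T10:00:11 10.0.0.7 10.0.0.25 445
2004-09-21T10:00:15 10.0.0.7 65.75.154.10 13001
2004-09-21T10:01:00 10.0.0.9 10.0.0.2 445
2004-09-21T10:01:30 10.0.0.9 10.0.0.2 445
2004-09-21T10:02:00 10.0.0.12 65.75.154.10 80
malformed line
"""

def parse(log):
    """Yield (time, src, dst, dport) per well-formed line; skip the rest."""
    for line in log.splitlines():
        try:
            ts, src, dst, dport = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport)
        except ValueError:
            continue

def detect(log):
    """Return hosts that contacted the C2, hosts fanning out over SMB, and both."""
    c2_hosts, smb = set(), defaultdict(list)
    for ts, src, dst, dport in parse(log):
        if (dst, dport) == C2_ENDPOINT:
            c2_hosts.add(src)
        elif dport in SMB_PORTS:
            smb[src].append((ts, dst))
    fanout = set()
    for src, events in smb.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:  # slide window start forward
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= FANOUT_THRESHOLD:
                fanout.add(src)
                break
    return {"c2": c2_hosts, "smb_fanout": fanout, "both": c2_hosts & fanout}
```

A host that appears under `both` is the strongest candidate for isolation; a host under `smb_fanout` alone may be a legitimate scanner or backup server and needs a second look.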
For additional information about this threat, see: Solution Technical Details
Description created: Sep. 21, 2004 11:40:28 AM GMT -0800
Description updated: Sep. 21, 2004 12:25:51 PM GMT -0800