|
Description:
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000
- Windows LSASS Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It uses NetBEUI functions to get available lists of user names and passwords, then drops a copy of itself in network shares. It also uses a list of passwords in order to gain access.
It has backdoor capabilities, and attempts to connect to port 6667 (a normal mIRC port) that allows a remote user to access the infected system and perform malicious commands. It can also steal the Windows Product ID and CD keys of popular software applications. It also uses carnivore network sniffer to gather sensitive information from a target system.
It runs on Windows 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 17, 2004 2:01:01 PM GMT -0800
Description updated: Sep. 22, 2004 9:47:55 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
