|
Description:
This memory resident worm arrives and propagates through network shares. Upon execution, it drops a copy of itself as the file CCAPPS32.EXE in the Windows system folder. It may attempt to use its own extensive list of user names and passwords to gain access and further propagate onto other shared folders in the network.
It attempts to connect to the Web site tommy.tommy97.net, which then opens multiple browsers directed at pornographic Web sites. It then attempts to download the adware SLOTCH BAR from these pornographic sites. SLOTCH BAR is detected by Trend Micro as ADW_ISTBAR.W
It propagates by taking advantage of the following Windows vulnerabilities:
- Buffer Overflow in SQL Server 2000
- IIS5/WEBDAV vulnerability
- RPC/DCOM vulnerability
- LSASS buffer overrun vulnerability
For more information regarding these vulnerabilities, please refer to the following Microsoft Web pages:
It also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot which allows it to connect to an IRC server. It then waits for commands from a remote user. Once connected, the remote user gains virtual control of the affected system.
Through this backdoor, the remote user can command the affected system to conduct denial of service (DoS) attacks, steal the CD keys of a list of PC games, steal the Windows product ID, and other malicious actions.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 19, 2004 8:19:11 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
