|
Description:
This memory resident worm arrives and propagates through network shares. Upon execution it drops a copy of itself as the file TAZKMGR.EXE in the Windows system folder.
It uses NetBEUI functions to get available lists of usernames and passwords and may also attempt to use its own list to access other shared folders in the network.
It takes advantage of the following Windows vulnerabilities:
- Buffer Overflow in SQL Server 2000
- IIS5/WEBDAV vulnerability
- RPC/DCOM vulnerability
- LSASS buffer overrun vulnerability
For more information regarding these vulnerabilities, please refer to the following Microsoft Web pages:
It also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot which allows it to connect to an IRC server. It then waits for commands from a remote user. Once connected, the remote user gains virtual control of the affected system.
Through this backdoor, the remote user can command the affected system to conduct denial of service (DoS) attacks, steal the CD keys of a list of PC games, and other malicious actions.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 20, 2004 12:51:08 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
