|
Description:
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000 vulnerability
- Windows LSASS vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It uses cached user names and passwords, as well as a list of user names and passwords hardcoded in its body, in order to access target systems. It then drops a copy of itself to accessed network shares.
It has backdoor capabilities that allow it to act as in Internet Relay Chat (IRC) bot. It then attempts to connect an IRC server, which allows a remote user to issue malicious commands locally on an affected machine. It can also steal the Windows product ID and CD keys of popular game applications.
This worm also has the ability to log user keystrokes and capture webcam images. It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 30, 2004 8:00:27 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
