|
Description:
This worm propagates via network shares. It drops a copy of itself into accessible network shares by logging on using the a long list of user names and passwords.
This worm also takes advantage of the following known Windows vulnerabilities, malware backdoor capabilities and application to propagate:
- Buffer Overflow in Universal Plug and Play
- Buffer Overflow in SQL Server 2000
- IIS/WebDAV vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Windows LSASS vulnerability
- WORM_BAGLE, WORM_MYDOOM, BKDR_OPTIX, BKDR_NETDEVIL, BKDR_KUANG and BKDR_SUB7 variants
- DameWare
For detailed information about these vulnerabilities, refer to the following Microsoft pages:
This worm also has backdoor functionalities. It comes with a built-in Internet Relay Chat (IRC) client engine, which enables it to connect to an IRC channel and wait for commands from a malicious user. It processes the commands on the local machine giving remote users virtual control of the infected system.
This worm steals the Windows product ID and the CD keys of certain game applications.
It runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Nov. 6, 2004 4:49:23 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
