Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm propagates via network shares. It does so by dropping a copy of itself in the IPC$ folder, which is a default share. If the share is password-protected, it uses a list of user names and passwords to gain access.
It also takes advantage of the SQL Server 7.0 Service Pack Password vulnerability to propagate across networks. For more information on this vulnerability, refer to the following Microsoft Web page:
Moreover, this worm usually arrives on a system as a file downloaded from the Internet by unsuspecting users when visiting malicious Web sites, or as a file dropped by other malware.
It also has backdoor capabilities. It opens random TCP ports and waits for commands from a remote malicious user. Once a connection is established, it executes those commands locally, such as terminating processes and logging keystrokes, effectively compromising the affected system.
For additional information about this threat, see: Solution Technical Details
Description created: Mar. 1, 2007 2:34:49 PM GMT -0800