Description:
This worm exploits the RPC DCOM Buffer Overflow, a vulnerability in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface that allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
It further uses this exploit to drop a copy of itself onto the compromised machine and execute it.
This worm has been observed to continuously scan random IP addresses and send data to vulnerable systems on the network using port 135.
It also acts as a backdoor by connecting to a remote Internet Relay Chat (IRC) server, from which a malicious user sends commands that the malware processes on the affected system.
For more information on the RPC DCOM Buffer Overflow, please visit the following Microsoft page:
This worm executes on Windows 95, 98, ME, NT, 2000, and XP. It opens several ports and attempts to send out several data packets on these systems. Note, however, that the exploit it uses runs only on Windows NT, 2000, and XP systems. Affected users with unpatched systems are urged to download the necessary patch from the Microsoft page cited above.
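The port 135 scanning described above is visible in connection logs as a single internal host contacting many different destinations on TCP 135 in a short time. The following sketch is an added example, not part of the original description or any vendor tool; the log format, the sample records, the function name and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (assumed format): "ISO-time src dst proto dport"
SAMPLE_LOG = """\
2003-08-11T19:30:00 10.0.0.5 10.0.0.9 tcp 135
2003-08-11T19:30:01 10.0.0.23 192.0.2.77 tcp 135
2003-08-11T19:30:02 10.0.0.23 198.51.100.3 tcp 135
2003-08-11T19:30:03 10.0.0.23 203.0.113.14 tcp 135
2003-08-11T19:30:04 10.0.0.5 10.0.0.9 tcp 135
2003-08-11T19:30:05 10.0.0.23 203.0.113.80 tcp 135
2003-08-11T19:30:06 10.0.0.23 192.0.2.55 tcp 135
2003-08-11T19:30:07 10.0.0.23 198.51.100.201 tcp 135
2003-08-11T19:30:08 10.0.0.7 10.0.0.9 tcp 80
2003-08-11T19:35:00 10.0.0.7 10.0.1.1 tcp 135
2003-08-11T19:40:00 10.0.0.7 10.0.1.2 tcp 135
"""

def find_port135_scanners(lines, window_s=60, min_targets=5):
    """Return {src: peak count of distinct TCP/135 destinations in any window}.

    Assumes records are in time order. A host that keeps talking to the same
    RPC server is not flagged; only fan-out to many destinations counts.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs inside the window
    flagged = {}
    for line in lines:
        try:
            ts, src, dst, proto, dport = line.split()
            ts, dport = datetime.fromisoformat(ts), int(dport)
        except ValueError:
            continue  # skip blank or malformed records
        if proto.lower() != "tcp" or dport != 135:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for host, n in find_port135_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {n} distinct TCP/135 targets within 60s")
```
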
Description created: Aug. 11, 2003 7:29:54 PM GMT -0800
Description updated: Aug. 11, 2003 8:10:43 PM GMT -0800