WORM_SDBOT.AAG
Overview

Malware type: Worm

Aliases: Backdoor.Win32.PoeBot.a (Kaspersky), W32/Sdbot.worm (McAfee), W32.Spybot.Worm (Symantec), Worm/AgoBot.202752 (Avira), W32/Forbot-BP (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm spreads via network shares. To propagate, it searches for and lists available network shares, then drops a copy of itself in each.

It may also exploit a known Windows vulnerability, the LSASS vulnerability. The flaw is a buffer overrun that allows remote code execution and enables a malicious user to gain full control of affected systems. This vulnerability is discussed in detail in Microsoft Bulletin MS04-011 and Trend Micro's Vulnerability Description for MS04-011.

The worm also has backdoor functionality. It connects to an IRC server and acts as an IRC bot, which enables a remote malicious user to execute commands locally on affected machines.

It runs on Windows 95, 98, ME, NT, 2000, and XP.


Description created: Oct. 14, 2004 9:41:15 AM GMT -0800
