Description:
This memory-resident worm uses rootkit technology in order to hide its process. It does this by dropping the file MSDIRECTX.SYS, which Trend Micro detects as TROJ_ROOTKIT.H.
It takes advantage of the following vulnerabilities to propagate across networks:
- IIS5/WEBDAV buffer overrun vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Windows LSASS vulnerability
For more information about these vulnerabilities, refer to the following Web pages:
It also searches for certain network shared folders, where it then drops and executes a copy of itself. It may also use a list of user names and passwords in order to gain access to password-protected shares.
This worm also has backdoor capabilities, and may execute commands coming from a remote malicious user. It also steals system information from the compromised machine.
This worm can also terminate several processes, and it prevents affected users from accessing certain antivirus Web sites by adding entries to the system's HOSTS file.
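A defender-side check for the HOSTS-file tampering described above, as an added example that is not part of the original description: it parses HOSTS-file text and flags hostnames redirected to loopback or unspecified addresses, or overridden for a watched domain. The watchlist suffixes and the sample file are constructed placeholders, since this description does not list the blocked sites.

```python
import ipaddress

# Assumed watchlist: placeholder suffixes standing in for security-vendor
# domains; the description does not name the sites the worm blocks.
WATCHLIST = ("antivirus.example", "av-updates.example")
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only, or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip, reason) for entries worth reviewing."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched = any(name == w or name.endswith("." + w) for w in watchlist)
        if watched:
            reason = "watched domain sinkholed" if sinkholed else "watched domain overridden"
        elif sinkholed:
            reason = "hostname sinkholed"
        else:
            continue
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample input, not taken from an infected machine.
SAMPLE = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.antivirus.example
127.0.0.1       update.av-updates.example download.av-updates.example
0.0.0.0         ads.tracker.example
10.0.0.5        intranet.corp.example
192.0.2.10      antivirus.example
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

On a live Windows system the text to check comes from `%SystemRoot%\System32\drivers\etc\hosts`; entries flagged only as "hostname sinkholed" can also come from legitimate ad-blocking lists and need manual review.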
For additional information about this threat, see: Solution Technical Details
Description created: Mar. 28, 2005 7:11:43 PM GMT -0800