Description:
This worm propagates via network shares. It drops copies of itself on default network shared folders. It also uses its own list of user names and passwords to access password-protected shares. It takes advantage of the following Windows vulnerabilities to propagate across networks:
- Buffer Overflow in SQL Server 2000
- IIS/WEBDAV vulnerability
- RPC/DCOM vulnerability
- Windows LSASS vulnerability
For more information on these vulnerabilities please check Microsoft's Security Bulletins Web site:
This worm connects to an IRC (Internet Relay Chat) server. Once connected, it enables a remote user to issue certain commands that are executed locally on the affected machine.
It is capable of process termination. It terminates running processes related to antivirus and security applications. In addition, it terminates the processes of previously widespread malware such as WORM_MYDOOM, WORM_BAGLE, WORM_NETSKY, WORM_MSBLAST, and WORM_SOBIG.
Moreover, this worm is an information thief. It steals the Windows product ID and the CD keys of several popular games if they are installed on the affected system.
Description created: Jun. 9, 2005 4:26:35 AM GMT -0800