|
Description:
This memory-resident malware has both worm and backdoor capabilities.
It drops itself as CVMONITOR.EXE in the Windows system folder and attempts to log on to systems using a list of user names and passwords.
It opens a varied port and acts as a server program controlled by an Internet Relay Chat (IRC) bot. It connects to an IRC server and joins an IRC channel to receive malicious commands. It also terminates antivirus-related programs and steals CD keys of certain game applications.
This worm can also automatically notify the bot of systems affected by certain Microsoft Windows vulnerabilities. More information on the said vulnerabilities is available from the following Microsoft pages:
It modifies the HOSTS file so that any access to certain antivirus and security Web sites is redirected to the local address 127.0.0.1.
This malware runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Apr. 30, 2004 9:33:35 AM GMT -0800
Description updated: Apr. 30, 2004 9:33:10 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
