|
Description:
This worm propagates via network shares. It drops copies of itself in certain networrk shared folders. It also uses its own list of user names and passwords to access password-protected shares.
It takes advantage of the following vulnerabilities to propagate across networks:
- Windows IIS/WebDAV vulnerability
- Windows RPC DOM vulnerability
- Windows LSASS vulnerability
- Veritas Backup Exec Name Service Buffer Overflow vulnerability
For more information on the Windows vulnerabilities, please check the following Microsoft Web pages:
Using random ports, this worm connects to an IRC server and joins a specific IRC channel. Once connected, it acts as a backdoor that enables a remote malicious user to issue certain commands locally on an affected machine.
Part of its backdoor capabilities are information theft and process termination. It steals the Microsoft Windows product ID and the CD keys of several popular games, if they are installed on the affected system. It also terminates a number of running processes.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 5, 2005 2:48:52 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
