Description:
This memory-resident worm arrives on a system as a file dropped by another malware that Trend Micro detects as TROJ_GUAP.E. It propagates through network shares using brute-force techniques and exploits, dropping a copy of itself into the network shares it reaches.
It also exploits the following vulnerabilities to propagate across networks:
- Buffer Overflow in SQL Server 2000 vulnerability
- RPCSS Service vulnerability
- ASN.1 vulnerability
- LSASS vulnerability
For more information about the said Windows vulnerabilities, refer to the following Microsoft Web pages:
Upon execution, this worm drops a copy of itself as D1RECTX.EXE in the Windows folder. It also drops the file RDRIV.SYS, which Trend Micro detects as TROJ_ROOTKIT.E, in the Windows system folder. It uses the said Trojan to hide its process, thus avoiding easy detection.
It also has backdoor capabilities. It opens various ports, allowing a remote user to access an affected machine and execute malicious commands on it. The said routine gives remote users virtual control over affected systems, thus compromising system security.
Part of this worm's backdoor capabilities is launching a denial of service (DoS) attack against target systems using certain flooding methods. This prevents users from accessing the target site because of the large amount of traffic generated by the flood attack.
It also connects to certain FTP sites to upload and download files. This routine puts users at risk of downloading possibly malicious files.
This worm may cause a blue screen error while running TROJ_ROOTKIT.E on systems running Windows Server 2003. This error crashes affected systems, resulting in the loss of unsaved data.
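As an added hunting check (not part of the Trend Micro write-up), the script below looks for the two dropped files this description names, D1RECTX.EXE in the Windows folder and RDRIV.SYS in the Windows system folder, and hashes anything it finds so the result can be compared against a known baseline. It assumes the system folder is %WINDIR%\System32 and lets both paths be overridden so the check can be run against a mounted image of a suspect disk.

```python
import hashlib
import os

# Dropped files named in the description, keyed by the folder they land in.
# Names are compared case-insensitively because Windows file systems are.
DROPPED_ARTIFACTS = {
    "windows": "D1RECTX.EXE",   # copy of the worm in the Windows folder
    "system": "RDRIV.SYS",      # TROJ_ROOTKIT.E driver in the system folder
}


def match_artifacts(folder_listing):
    """Pure matching logic, kept separate from disk access so it can be tested.

    folder_listing maps a folder role ("windows" or "system") to the file
    names found directly in that folder. Returns (role, name) pairs whose
    name equals the artifact expected for that role, ignoring case.
    """
    hits = []
    for role, expected in DROPPED_ARTIFACTS.items():
        for name in folder_listing.get(role, ()):
            if name.upper() == expected:
                hits.append((role, name))
    return hits


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hunt(windows_dir=None, system_dir=None):
    """List the two folders and report matching files with their SHA-256.

    Defaults to %WINDIR% and %WINDIR%\\System32 (assumed system folder);
    both can be overridden to point at a mounted image instead of the live OS.
    """
    windows_dir = windows_dir or os.environ.get("WINDIR", r"C:\Windows")
    system_dir = system_dir or os.path.join(windows_dir, "System32")
    folders = {"windows": windows_dir, "system": system_dir}
    listing = {role: os.listdir(p) for role, p in folders.items() if os.path.isdir(p)}
    findings = []
    for role, name in match_artifacts(listing):
        path = os.path.join(folders[role], name)
        findings.append({"path": path, "sha256": sha256_of(path)})
    return findings


if __name__ == "__main__":
    for finding in hunt():
        print(finding["sha256"], finding["path"])
```

A hit on either name is only a lead: the rootkit driver hides the worm's process, so confirm with an offline scan or a boot from clean media rather than trusting the live process list.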
Description created: Oct. 1, 2005 3:36:49 AM GMT -0800