|
Description:
To propagate, this worm exploits the Windows LSASS flaw, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
It also has backdoor capabilities. It acts as an IRC bot that connects to a certain IRC server, and joins a specific channel using a random nickname. It monitors and then responds to private messages, usually from a malicious user, by employing specific keyword triggers. It enables the remote user to do the following:
- Get system information
- Delete shared drives
- Manipulate IRC privileges
- Upload/download files
- Scan open ports
- Execute file
To ensure its survival, it terminates several antivirus processes from memory.
This worm also attempts to steal the CD keys of popular game applications.
Important: This FSG-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP. However, it is unable to perform the exploit on Windows 95, 98, and ME systems since these platforms are not affected by the LSASS vulnerability.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jun. 14, 2004 3:16:57 PM GMT -0800
Description updated: Jun. 24, 2004 3:08:12 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
