|
Description:
This memory-resident worm propagates via network shares. It scans the network for weak passwords, then attempts to drop a copy of itself to accessed machines within the network. It also uses a list of weak passwords hardcoded in its body to force its way into a system.
One of its threads starts an Internet Relay Chat (IRC) bot to connect to the remote IRC server syriu.no-ip.org and to listen for outside connection.
It then executes the malicious commands issued by the remote malicious user.
It is capable of detecting other malware programs that are active on the system by scanning the specific ports the said programs use. It also terminates certain processes running on the system.
It can obtain cached passwords on Win9x systems, perform keylogging routines, and steal CD keys of certain applications. It may then send these data to a remote email address.
It runs on Windows 98, NT, ME, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jun. 24, 2004 3:34:28 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
