WORM_SDBOT.QX
Overview

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.gen (Kaspersky), W32/Sdbot.worm.gen.x (McAfee), W32.Spybot.Worm (Symantec), Worm/Rbot.HF (Avira)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, and XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

This worm exploits the following Windows vulnerabilities to propagate and perform denial of service (DoS) attacks:

  • Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
  • IIS5/WEBDAV Buffer Overflow vulnerability

More information about these vulnerabilities can be found at the following Microsoft pages:

This worm uses a long list of usernames and passwords to access network shares.

This worm also has backdoor capabilities. It connects to an IRC (Internet Relay Chat) server as a bot. It then listens for certain commands from a malicious user.

It also steals CD keys of certain popular game applications.

It runs on Windows NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 28, 2004 12:47:37 PM GMT -0800
Description updated: Aug. 28, 2004 4:20:36 PM GMT -0800
