|
Description:
This memory-resident worm spreads through network shares and attempts to access machines using a list of user names and passwords.
It takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows XP, which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
For more information about the said Windows vulnerability, please refer to the following Microsoft Web page:
It also has backdoor capabilities. It opens a random port and connects to an Internet Relay Chat (IRC) server. It then joins an IRC channel, where it receives several malicious commands.
It steals software information as well as the CD keys of certain game applications. It also retrieves the following data:
- AIM screen name
- Yahoo! user ID
- Windows product ID
This worm is compressed using Molebox and runs on Windows NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 16, 2004 9:13:16 AM GMT -0800
Description updated: Sep. 16, 2004 9:13:12 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
