WORM_SDBOT.VF
Overview

Malware type: Worm

Aliases: Backdoor.Win32.SdBot.aad (Kaspersky), W32/Sdbot.worm (McAfee), W32.Spybot.Worm (Symantec), Worm/SdBot.119296.25 (Avira), Mal/Packer (Sophos), Backdoor:Win32/Rbot (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm is capable of spreading across networks by exploiting the Windows LSASS vulnerability. This is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.

More information on this vulnerability can be found in the following Web pages:

This worm is also capable of spreading by scanning network shares on random IP addresses. If it can gain full access rights to a remote system, it drops a copy of itself into a shared folder.

It may also use the backdoor capabilities of other malware to propagate.

This worm also has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it waits for malicious commands coming from a remote user. It executes the commands locally on an affected machine, providing the malicious user virtual control over the system.

It steals the Microsoft Windows product ID. It also steals CD keys from certain game applications.

This worm runs on Windows NT, 2000, and XP.


Description created: Sep. 13, 2004 7:01:59 PM GMT -0800
Description updated: Sep. 26, 2004 10:34:43 AM GMT -0800
