|
Description:
This worm generates random IP addresses, and attempts to spread by sending a specially crafted packet to found machines. The said packet exploits the buffer overflow vulnerability of the LSASS component of Windows.
The Windows LSASS vulnerability is a buffer overrun that allows remote code execution and enables a malicious user to gain full control of the affected system. This vulnerability is discussed in detail in the following Microsoft page:
This worm also has backdoor functionalities. It operates as an IRC (Internet Relay Chat) bot that connects to a server using the first available port of the infected system. It executes commands received from remote users via the IRC server.
This worm steals the CD keys of certain game applications. It runs on Windows 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 19, 2004 5:28:04 AM GMT -0800
Description updated: Sep. 19, 2004 5:54:47 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
