|
Description:
This memory-resident worm spreads via network shares. It exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000
- Windows LSASS Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It uses NetBEUI functions to get available lists of user names and passwords, then drops a copy of itself in network shares. It also uses a list of passwords in order to gain access.
It has backdoor capabilities, and attempts to connect to a specific Internet Relay Chat (IRC) server that allows a remote user to access the infected system and perform malicious commands. It can also steal the CD keys of popular game applications.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 20, 2004 2:48:28 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
