|
Description:
This memory-resident worm spreads via network shares. It attempts to log on to target systems using the account of the currently logged user on the infected system. It may also use a long list of user names and passwords to gain access to target machines. It then drops a copy of itself to accessed machines.
It may also exploit certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000 vulnerability
- Windows LSASS and IIS SSL vulnerabilities
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It may also take advantage of certain backdoor capabilities of other malware programs and applications to propagate into accessible systems.
It has backdoor capabilities. It acts as an Internet Relay Chat bot that connects to a specific server. This allows a remote user to access the infected system and perform malicious commands. It can also steal the Windows product ID and CD keys of popular game applications.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 10, 2004 12:08:38 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
