TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SPYBOT.AHQ
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.mq (Kaspersky), W32/Sdbot.worm.gen.t (McAfee), W32.Spybot.Worm (Symantec), Worm/Rbot.299008.2 (Avira), W32/Rbot-BJP (Sophos),

In the wild: No

Language: English

Platform: Windows 95, 98, NT, ME, 2000, XP, and Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This malware spreads through network shares by randomly generating IP addresses and attempting to drop a copy of itself to the target address' default shared folder.

Upon execution, it drops a copy of itself as GAMEMANAGER.EXE in the Windows system folder.

This program also has backdoor capabilities whereby it connects to a remote Internet Relay Chat (IRC) server and joins a specific channel. Here, the worm receives commands from a remote malicious user who may either download or execute files from the infected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 21, 2005 6:04:53 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.