|
Description:
This memory-resident worm spreads via network shares. It exploits the following vulnerabilities to propagate across networks:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
- RPC Locator Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It also uses a list of user names and passwords in order to gain access to target systems. When it has gained access to a target system, it attempts to drop a copy of itself to the shared folders within the network.
It also has backdoor capabilities, which enables it connect to a random port and wait for commands from a remote malicious user. It then performs these commands on the local machine, thus compromising system security.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jan. 18, 2005 10:40:22 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
