TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SPYBOT.DN
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.Agent.ch (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.Spybot.Worm (Symantec), BDS/Agent.CH (Avira), W32/Forbot-L (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm propagates via network shares. It takes advantage of the following known Windows vulnerability:

    Windows LSASS vulnerability

For detailed information about these vulnerability, refer to the following Microsoft page:

This worm also has backdoor functionalities. It comes with a built-in Internet Relay Chat (IRC) client engine, which enables it to connect to an IRC channel and wait for commands from a malicious user. It processes the commands on the local machine giving remote users virtual control of the infected system.

This worm also steals the CD keys of certain game applications.

It runs on Windows 2000 and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 3, 2004 2:18:42 AM GMT -0800
Description updated: Feb. 26, 2005 2:00:53 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.