WORM_SPYBOT.EL
Overview

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.gen (Kaspersky), W32/Sdbot.worm.gen.i (McAfee), W32.Spybot.Worm (Symantec), TR/Crypt.ULPM.Gen (Avira), Mal/HckPk-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm propagates via network shares. It uses NetBEUI functions to obtain lists of available user names and passwords. It then enumerates the available network shares and attempts to drop a copy of itself into them using the gathered user names and passwords.

It also generates IP addresses and attempts to drop a copy of itself into the default shares of each target address. It also uses a predefined list of user names and passwords embedded in its code to gain access to target systems.

This worm has backdoor capabilities, and may execute commands coming from a remote malicious user. It is also capable of identifying systems that are vulnerable to the following exploits:

  • Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
  • Buffer Overflow in SQL Server 2000 vulnerability
  • IIS5/WEBDAV buffer overrun vulnerability
  • LSASS vulnerability

More information on these vulnerabilities can be found in the following Microsoft pages:

This worm runs on Windows NT, 2000, and XP.


Description created: Sep. 18, 2004 11:55:51 AM GMT -0800
