WORM_SPYBOT.EM
Overview

Malware type: Worm

Aliases: Backdoor.Win32.Wootbot.gen (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.Spybot.Worm (Symantec), Worm/WootBot.126976 (Avira), W32/Forbot-AC (Sophos), Worm:Win32/Wootbot.AB (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This worm propagates by dropping a copy of itself in accessible network shares. It logs in using the account of the user currently logged on to the infected system. It may also use a long list of user names and passwords.

It also takes advantage of the following vulnerabilities to propagate into accessible systems:

  • Buffer Overflow in Universal Plug and Play
  • Buffer Overflow in SQL Server 2000
  • Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
  • WebDAV vulnerability

More information on these vulnerabilities can be found on the following Web pages:

To propagate, it also takes advantage of an application and of the backdoor capabilities of variants of several other malware.

It has backdoor capabilities, which provide a malicious remote user virtual control over the infected system.

This worm runs on Windows NT, 2000, and XP.


Description created: Jun. 19, 2004 1:54:33 PM GMT -0800
