|
Description:
This memory-resident worm spreads through the network by dropping copies of itself into accessible network shares. It may use a long list of user names and passwords, or the account of the currently logged user in order to access target shares.
This worm may also take advantage of the following vulnerabilities, malware backdoor capabilities, and applications to propagate into accessible systems:
- Buffer Overflow in SQL Server 2000 (MS02-061)
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability (MS02-026)
- Windows LSASS vulnerability (MS04-011)
- BKDR_KUANG
- BKDR_NETDEVIL
- BKDR_OPTIX
- BKDR_SUB7
- WORM_BAGLE
- WORM_MYDOOM
This worm also has backdoor capabilities. It acts as an Internet Relay Chat bot and attempts to connect to an IRC server, allowing remote users to issue commands locally on the affected system. It also allows a remote user to parse the registry for CD keys of popular applications.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 30, 2004 7:20:12 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
