W32/Rbot-AAQ is a network worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AAQ spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-AAQ can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-AAQ can be instructed by a remote user to perform the following functions:
start an FTP server
start a Proxy server
start a web server
take part in distributed denial of service (DDoS) attacks
capture screen/webcam images
download/execute arbitrary files
start a remote shell (RLOGIN)
W32/Kelvir-J is an instant messaging worm.
W32/Kelvir-J spreads by sending a message through Windows Messenger to all of the infected user's contacts.
W32/Kelvir-J encourages the recipient to visit a website to download a file which is usually a copy of the worm. The message text is "it's you <URL>".
W32/Kelvir-J may also drop a file detected by Sophos as W32/Sdbot-XE.