Type: Worm
W32/Rbot-BFP is a worm with backdoor functionality for the Windows platform.
W32/Rbot-BFP spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, W32/Sasser, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), UPNP (MS01-059) and Dameware (CAN-2003-1030)
- by copying itself to network shares and MSSQL servers protected by weak passwords
W32/Rbot-BFP can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFP can be instructed by a remote user to perform the following functions:
- start an FTP server
- start a proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
http://www.sophos.com/virusinfo/analyses/w32rbotbfp.html