VIRUS ALERTS - December 26, 2005

Dec 25, 2005 11:39PM PST

W32/Rbot-BFR

Type
Worm

Aliases
Backdoor.Win32.Rbot.alj
W32/Sdbot.worm.gen.n
W32.Spybot.Worm
WORM_RBOT.DFP

W32/Rbot-BFR is a network worm with backdoor functionality for the Windows platform.

W32/Rbot-BFR spreads:

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BFR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbfr.html

Troj/Borobot-V
Dec 26, 2005 2:07PM PST

Troj/Small-FS
Dec 26, 2005 2:08PM PST

Troj/Dloadr-AH
Dec 26, 2005 2:09PM PST

W32/Rbot-BFV
Dec 26, 2005 2:10PM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.alk
W32/Sdbot.worm.gen.ae

W32/Rbot-BFV is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-BFV spreads using a variety of techniques including:

- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.

W32/Rbot-BFV can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFV can be instructed by a remote user to perform the following functions:

- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfv.html

W32/Rbot-BFU
Dec 26, 2005 2:11PM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.IRCBot.az

W32/Rbot-BFU is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-BFU spreads using a variety of techniques including:

- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.

W32/Rbot-BFU can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFU can be instructed by a remote user to perform the following functions:

- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfu.html

Troj/HazifKit-B
Dec 26, 2005 2:11PM PST

Troj/Agent-IH
Dec 26, 2005 2:12PM PST

Type
Trojan

Troj/Agent-IH is a Trojan for the Windows platform.
Troj/Agent-IH will harvest email addresses from the infected computer and report them to a remote URL.
Troj/Agent-IH may inject code into running processes in order to avoid detection.

http://www.sophos.com/virusinfo/analyses/trojagentih.html

Troj/Iyus-P
Dec 26, 2005 2:13PM PST

Troj/Agent-HZ
Dec 26, 2005 2:14PM PST

Type
Spyware Trojan

Aliases
Trojan-PSW.Win32.Agent.an

Troj/Agent-HZ is a password stealing Trojan for the Windows platform.
Troj/Agent-HZ has the functionalities to:
- steal email server passwords
- send notification messages to remote locations
- access the Internet and communicate with a remote server via HTTP

http://www.sophos.com/virusinfo/analyses/trojagenthz.html

Troj/LegMir-CN
Dec 26, 2005 2:15PM PST

W32/Rbot-BFR - downloading Sophos IDE's
Dec 27, 2005 12:17AM PST

Roddy;

I have been tracking your "virus alerts" and downloading IDE's. They are all Sophos.

Since I am not running Sophos AV, their tech support tells me that they don't support other AV programs.

So are these IDE's any good to my AVG program?

No they aren't. The reason
Dec 27, 2005 12:35AM PST

we post these is so people are aware of the viruses. We chose Sophos because they are easy to copy and paste but the brand is not important. They are for info only.

ide files - sophos

Thanks Roddy, for info...so should I delete the IDE files that I copied to my pc?

Yes, they are no good to you, just stay
Dec 27, 2005 1:16AM PST

current with your AVG.

Swenson, Roddy's Right..Make Sure....
Dec 27, 2005 12:43AM PST

...that you stay current with the AVG virus definitions and AVG should detect the same viruses as listed in the Sophos write ups listed..(Sometimes the names may be slightly different because of the different company preferences but most antivirus companies detect similar viruses.)

Sophos tends to put out good writeups about the viruses and they seem to be quicker at it as well. It doesn't mean their antivirus program is any better than anyone else's, but they sure put out good virus notifications.

Even better yet is the ability of all the mods here in this forum to get them posted every day..Good job gang!

Hope this helps.

Grif