
VIRUS ALERTS - December 6, 2005

Dec 5, 2005 8:29PM PST

W32/Rbot-BAM

Type
Worm

W32/Rbot-BAM is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BAM spreads:

- to other network computers infected with W32/Sasser
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012)
- by copying itself to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotbam.html

W32/Rbot-BAK
Dec 6, 2005 5:32AM PST

Type
Worm

Aliases
Backdoor.Win32.IRCBot.az
W32/Sdbot.worm.gen.ar

W32/Rbot-BAK is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BAK spreads to other network computers infected with: Troj/Kuang,
Troj/Sub7, W32/Sasser, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix and
to other network computers by exploiting common buffer overflow vulnerabilities,
including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007),
IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Dameware
(CAN-2003-1030) and ASN.1 (MS04-007).

W32/Rbot-BAK runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbak.html

W32/Rbot-BAE
Dec 6, 2005 5:34AM PST

Type
Worm

W32/Rbot-BAE is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BAE spreads to other network computers by exploiting common buffer
overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS
(MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007) and by copying itself to network
shares protected by weak passwords.

W32/Rbot-BAE runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbae.html

Troj/Delf-LT
Dec 6, 2005 5:36AM PST

Type
Trojan

Aliases
Win32/Delf.DH

Troj/Delf-LT is a Trojan for the Windows platform that attempts to download and
execute the file all.exe to the C: drive from a predefined URL.

Troj/Delf-LT will continue this download action every 5 minutes.

The downloaded file all.exe is detected by Sophos as Troj/Dloader-SG.

http://www.sophos.com/virusinfo/analyses/trojdelflt.html
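
Added example, not part of the original post or the Sophos analysis: one way a defender could spot the five-minute repeat download described for Troj/Delf-LT in web proxy logs. The log format, host names, client addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy log lines (assumed format: ISO time, client, method, URL, status).
SAMPLE_LOG = """\
2005-12-06T05:40:02 10.0.0.15 GET http://host.example.invalid/all.exe 200
2005-12-06T05:41:10 10.0.0.22 GET http://intranet.example.invalid/tools/setup.exe 200
2005-12-06T05:45:03 10.0.0.15 GET http://host.example.invalid/all.exe 200
2005-12-06T05:50:01 10.0.0.15 GET http://host.example.invalid/all.exe 200
2005-12-06T05:52:30 10.0.0.31 GET http://mirror.example.invalid/ALL.EXE 200
2005-12-06T05:55:04 10.0.0.15 GET http://host.example.invalid/all.exe 200
"""

def parse(log_text):
    """Yield (timestamp, client, url) from each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[3]

def find_periodic_downloads(log_text, filename="all.exe", period=300,
                            tolerance=30, min_hits=3):
    """Return sorted (client, url, hits) for repeated fetches of `filename`
    whose consecutive gaps all fall within `tolerance` seconds of `period`."""
    seen = defaultdict(list)
    for ts, client, url in parse(log_text):
        # Compare only the last path segment, case-insensitively.
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        if name.lower() == filename.lower():
            seen[(client, url)].append(ts)
    findings = []
    for (client, url), stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A single fetch is not a pattern; require several evenly spaced ones.
        if len(stamps) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
            findings.append((client, url, len(stamps)))
    return sorted(findings)

if __name__ == "__main__":
    for client, url, hits in find_periodic_downloads(SAMPLE_LOG):
        print(f"{client} fetched {url} {hits} times at ~5 minute intervals")
```

A host flagged this way is a candidate for a scan, since the alert above says the fetched all.exe is itself detected as Troj/Dloader-SG.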