VIRUS ALERTS - December 6, 2005

Type
Worm

Aliases
Backdoor.Win32.IRCBot.az
W32/Sdbot.worm.gen.ar

W32/Rbot-BAK is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BAK spreads to other network computers infected with: Troj/Kuang,
Troj/Sub7, W32/Sasser, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix and
to other network computers by exploiting common buffer overflow vulnerabilites,
including: LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007),
IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Dameware
(CAN-2003-1030) and ASN.1 (MS04-007).

W32/Rbot-BAK runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbak.html

Type
Worm

W32/Rbot-BAE is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BAE spreads to other network computers by exploiting common buffer
overflow vulnerabilities, including: LSASS

(MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and ASN.1
(MS04-007) and by copying itself to network shares protected by weak passwords.

W32/Rbot-BAE runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbae.html

Type
Trojan

Aliases
Win32/Delf.DH

Troj/Delf-LT is a Trojan for the Windows platform that attempts to download and
execute the file all.exe to the C: drive from a predefined URL.

Troj/Delf-LT will continue this download action every 5 minutes.

The downloaded file all.exe is detected by Sophos as Troj/Dloader-SG.

http://www.sophos.com/virusinfo/analyses/trojdelflt.html