W32/Tilebot-DH is a network worm and IRC backdoor Trojan for the Windows platform
W32/Tilebot-DH spreads to other network computers by exploiting common buffer overflow vulnerabilities, including LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Tilebot-DH can be obtained from the Microsoft website:
W32/Zotob-L is a worm and IRC backdoor Trojan for the Windows platform.
W32/Zotob-L spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: PNP (MS05-039) and ASN.1 (MS04-007).
W32/Zotob-L sends itself in emails with the following characteristics:
Subject: chosen from a list including
Warning Message: Your services near to be closed.
Your Account is Suspended
*DETECTED* Online User Violation
Your Account is Suspended For Security Reasons
Message text: one of four paragraphs claiming that the recipient has abused their account