Type Spyware Worm
W32/Tilebot-IK is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-IK spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), SRVSVC (MS06-040), RPC-DCOM (MS04-012), RealVNC (CVE-2006-2369) and ASN.1 (MS04-007). The worm may also spreads via network shares protected by weak passwords.
W32/Tilebot-IK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-IK includes functionality to:
- set up an FTP server
- set up a proxy server
- spread via AOL Instant Messager by sending messages automatically
- change Internet Explorer start page
- set or remove network shares
- port scanning
- packet sniffing
- start a remote shell (RLOGIN)
- access the internet and communicate with a remote server via HTTP
- harvest information from clipboard
- take part in Distributed Denial of Service (DDoS) attacks