Troj/Agent-BUI is a Trojan for the Windows platform.
W32/Rbot-DZX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-DZX spreads to other network computers by:
- exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), Veritas (CAN-2004-1172), ASN.1 (MS04-007)
- backdoors left behind by the W32/MyDoom and W32/Bagle family of worms
- networks protected by weak passwords
W32/Rbot-DZX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-DZX includes functionality to:
- access the internet and communicate with a remote server via HTTP
- record keystrokes
- act as a proxy redirecting internet traffic
- steal CD game keys
- terminate security and anti-virus related processes
- perform DDoS attacks