Troj/Agent-AT is a Trojan used for sending unsolicited commercial email (spam).
The Trojan downloads instructions from a preconfigured website every minute. These instructions provide details of what spam to send to whom. Status reports are sent back to the same site using HTTP POST.
Troj/Agent-AT may also attempt to find email addresses stored on the infected machine and include them in the list of spam recipients.
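The polling behaviour described above (an instruction download roughly every minute, with status reports POSTed back to the same site) leaves a regular pattern in web proxy logs. The following is an added detection sketch, not part of the original description: the log format, host names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log, one request per line: "time client method host path".
SAMPLE_LOG = """\
2024-01-01T10:00:02 10.0.0.5 GET tasks.example.invalid /cfg
2024-01-01T10:00:10 10.0.0.9 GET news.example.invalid /
2024-01-01T10:00:12 10.0.0.9 GET news.example.invalid /style.css
2024-01-01T10:01:01 10.0.0.5 GET tasks.example.invalid /cfg
2024-01-01T10:01:30 10.0.0.5 POST tasks.example.invalid /status
2024-01-01T10:02:03 10.0.0.5 GET tasks.example.invalid /cfg
2024-01-01T10:03:02 10.0.0.5 GET tasks.example.invalid /cfg
2024-01-01T10:03:40 10.0.0.5 POST tasks.example.invalid /status
2024-01-01T10:04:01 10.0.0.5 GET tasks.example.invalid /cfg
2024-01-01T10:07:45 10.0.0.9 GET news.example.invalid /article
2024-01-01T10:08:00 10.0.0.9 GET news.example.invalid /img.png
2024-01-01T10:08:05 10.0.0.9 POST news.example.invalid /comment
2024-01-01T10:31:00 10.0.0.9 GET news.example.invalid /
"""

def find_beacons(log_text, period=60, tolerance=10, min_polls=4, min_steady=0.8):
    """Return (client, host) pairs that poll a host about every `period` seconds
    and also POST to that same host."""
    gets, posts = defaultdict(list), defaultdict(int)
    for line in log_text.strip().splitlines():
        ts, client, method, host, _path = line.split()
        if method == "GET":
            gets[(client, host)].append(datetime.fromisoformat(ts))
        elif method == "POST":
            posts[(client, host)] += 1
    flagged = []
    for key, times in gets.items():
        if len(times) < min_polls or posts[key] == 0:
            continue  # too few polls to judge, or nothing reported back
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Share of gaps near the expected period; tolerates an occasional missed poll.
        steady = sum(abs(g - period) <= tolerance for g in gaps) / len(gaps)
        if steady >= min_steady:
            flagged.append(key)
    return sorted(flagged)

if __name__ == "__main__":
    for client, host in find_beacons(SAMPLE_LOG):
        print(f"{client} polls {host} about every minute and POSTs back to it")
```

The second client in the sample also sends a POST, but its requests are irregular, so it is not flagged.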
W32/Rbot-PE is a worm that attempts to spread via remote network shares. The worm contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while it runs in the background as a service process.
W32/Rbot-PE also has a backdoor component that gives a malicious intruder remote shell access to an infected computer.
The worm spreads to network shares with weak passwords using the following security exploits:
- LSASS exploit (MS04-011)
- RPC-DCOM exploit (MS04-012)
- WebDAV exploit (MS03-007)