Aliases
Backdoor.Agobot.gy, W32.Randex.gen, BKDR_SDBOT.GEN
Type
Win32 worm
Description
W32/RBot-A is a worm with a backdoor component that spreads on weakly protected network shares on the Windows platform. The worm spreads by scanning random IP addresses for open SMB ports (445) and trying to copy itself to the Windows system folder on the remote Admin$ and C$ shares as the file wuamgrd.exe.
W32/RBot-A uses an internal dictionary of common passwords to gain access. The worm attempts to schedule the copied file for later execution on the remote machine.
W32/RBot-A also has a backdoor component that allows a malicious user remote access to an infected computer. When run the worm attempts to contact a remote IRC server and join a specific channel to listen for commands.
More: http://www.sophos.com/virusinfo/analyses/w32rbota.html
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
W32/RBot-A
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic