Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_AGOBOT.BD

Nov 30, 2003 2:58AM PST

Virus type: Worm

Destructive: No

Aliases: W32.HLLW.Gaobot.gen, Win32.HLLW.Agobot

Description:

This worm propagates into machines on the same network by using exploits to the following vulnerabilities:

Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) (Microsoft Security Bulletin MS03-026)
RPC Locator (Microsoft Security Bulletin MS03-001)
IIS5/WEBDAV Buffer Overrun (Microsoft Security Bulletin MS03-007)
These vulnerabilities affect systems running Windows NT, 2000, and XP. Refer to the corresponding links for patch information.

This worm also propagates into machines with accessible shares. It uses a dictionary of passwords to log on and propagate into inaccesible network machines.

It receives commands via IRC. It allows remote users a variety of actions on affected machines including the ability to flood and attack specified sites.

It stops specific programs, including security and antivirus applications. It even has a short list of malware programs to terminate.

This worm runs on Windows 2000 and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD

Discussion is locked