General discussion


Virus type: Worm

Destructive: No

This worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:

Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:

Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It attempts to log into systems using a list of user names and passwords and then drops a copy.

It also terminates antivirus-related processes and steals CD keys of certain game applications. It also has backdoor capabilities and may execute remote commands in the host machine.

It runs on Windows NT, 2000 and XP.

Discussion is locked
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

CNET Forums