Virus type: Worm
Destructive: Yes
This memory-resident malware has both worm and backdoor capabilities.
Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities to propagate across networks:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It drops itself as the file sys32.exe in the Windows system folder. It attempts to log into systems using a list of user names and passwords.
It connects to an Internet Relay Chat (IRC) server and opens a random port where it awaits malicious commands.
This malware also terminates processes and steals CD keys of certain game applications.
This worm usually arrives compressed twice with ASPACK2 and UPX.
It runs on Windows NT, 2000 and XP.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.PS
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
WORM_AGOBOT.PS
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic