W32/Agobot-Q

Kategorie: Viren und Spyware Schutz verfügbar seit:22 Aug 2003 00:00:00 (GMT)
Typ: Win32 worm Zuletzt aktualisiert:28 Aug 2003 00:00:00 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

W32/Agobot-Q is a network aware worm and backdoor Trojan that allows unauthorised remote access to a computer.

When an attacker connects to the backdoor via a specific IRC channel they will be able to issue commands that cause the worm to scan the internet for computers to copy itself to. The scan will target network shares with weak passwords and computers vulnerable to both the DCOM RPC vulnerability and the locator service vulnerability. Patches for these two vulnerabilities are available from Microsoft at www.microsoft.com/technet/security/bulletin/MS03-026.asp and www.microsoft.com/technet/security/bulletin/MS03-001.asp respectively.

W32/Agobot-Q is copied to the Windows system folder with the filenames svchosl.exe and winhl32.exe and adds the following entries to the registry so that the Trojan is run when Windows starts up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Config Loader = svchosl.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Config Loader = svchosl.exe

Download Sophos Produkte kostenlos testen
Jetzt downloaden

© 1997 - 2012 Sophos Ltd. Alle Rechte vorbehalten. Rechtliche Hinweise Datenschutzrichtlinie Impressum