W32/Rbot-SD

Category: Viruses and Spyware
Type: Win32 worm
Prevalence:


W32/Rbot-SD is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-SD spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-SD can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-SD can be instructed by a remote user to perform the following functions:

  • start an FTP server
  • start a proxy server
  • start a web server
  • take part in distributed denial-of-service (DDoS) attacks
  • log keypresses
  • capture screen/webcam images
  • packet sniffing
  • port scanning
  • download/execute arbitrary files
  • start a remote shell (RLOGIN)


The worm copies itself to a file named iexpl0re.exe in the Windows system folder and creates the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
""
"iexpl0re.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
""
"iexpl0re.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
""
"iexpl0re.exe"
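
A read-only check for the persistence artefacts listed above, as an added example that is not part of the original advisory; the function name `Find-RunKeyIndicator` is hypothetical. It matches on the value data because the value name is not shown on this page.

```powershell
# Added example: read-only triage for the W32/Rbot-SD artefacts named in this advisory.
# Nothing is modified or deleted; the script only reports what it finds.

$indicator = 'iexpl0re.exe'   # dropped file name, taken from the advisory
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',        # current user's hive only
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Find-RunKeyIndicator {
    param([string[]]$Keys, [string]$Name)
    foreach ($path in $Keys) {
        # RunServices does not exist on many systems; skip missing keys quietly.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            # -like is case-insensitive, so IEXPL0RE.EXE also matches.
            if ($data -like "*$Name*") {
                [pscustomobject]@{ Key = $path; ValueName = $valueName; Data = $data }
            }
        }
    }
}

$hits = @(Find-RunKeyIndicator -Keys $runKeys -Name $indicator)

# The advisory says the worm copies itself into the Windows system folder.
$dropped = Join-Path ([Environment]::SystemDirectory) $indicator
$fileHit = Test-Path -LiteralPath $dropped

if ($hits.Count -gt 0) { $hits | Format-List }
if ($fileHit) { Get-Item -LiteralPath $dropped -Force | Select-Object FullName, Length, CreationTime }
if ($hits.Count -eq 0 -and -not $fileHit) { 'No iexpl0re.exe autorun entry or system-folder file found.' }
```

The HKCU key covers only the account running the script, so run it in each user's session or load the other user hives to cover every profile.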

Patches for the operating system vulnerabilities exploited by W32/Rbot-SD can be obtained from Microsoft at:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
