W32/Codbot-A is a backdoor which contains functionality to spread via network shares.
W32/Codbot-A contains backdoor functionality which is likely to include packet sniffing and downloading further code.
W32/Codbot-A may attempt to exploit a number of vulnerabilities.
W32/Codbot-A is a backdoor which contains functionality to spread via network shares.
When first run, W32/Codbot-A copies itself to the Windows system folder as NETMON.EXE and installs this file as a service with servicename "Netmon" and display name "Network Monitoring Service". The worm attempts to connect to an IRC channen and listens for backdoor commands from a remote attacker.
W32/Codbot-A contains backdoor functionality which is likely to include packet sniffing and downloading further code.
W32/Codbot-A may create Run and RunServices registry entries in order to run itself on system startup.
W32/Codbot-A makes the following change to the system registry:
HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
"N"
W32/Codbot-A may attempt to exploit a number of vulnerabilities.