W32/Delbot-AJ

Category: Viruses and Spyware Protection available since:17 Apr 2007 00:00:00 (GMT)
Type: Win32 worm Last Updated:17 Apr 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Delbot-AJ is a worm with backdoor functionality for the Windows platform.

W32/Delbot-AJ spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.

W32/Delbot-AJ is a worm with backdoor functionality for the Windows platform.

W32/Delbot-AJ spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.

W32/Delbot-AJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Delbot-AJ includes functionality to download, install and run new software.

When first run W32/Delbot-AJ copies itself to <System>\mozila.exe and attempts to download a file to <Root>\radi.exe. At the time of writing, the download was not available.

The following registry entry is created to run mozila.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mozila
<System>\mozila.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy