W32/Delbot-AK

Category: Viruses and Spyware Protection available since:17 Apr 2007 00:00:00 (GMT)
Type: Win32 worm Last Updated:17 Apr 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed


W32/Delbot-AK is a worm with backdoor functionality for the Windows platform.

W32/Delbot-AK spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution. W32/Delbot-AK is a worm with backdoor functionality for the Windows platform.

W32/Delbot-AK spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.

When first run W32/Delbot-AK copies itself to <System>\ntoepad.exe and attempts to download and execute a file from a remote location to <Root>\radi.exe. At the time of writing, this file was unavailable for download

The following registry entry is created to run ntoepad.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Notepad
<System>\ntoepad.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy