W32/Francette-S is a Windows worm with an IRC backdoor component that spreads by scanning the internet for computers vulnerable to the RPC/DCOM exploit.
A patch for the vulnerability exploited by W32/Francette-S can be obtained from Microsoft at:
MS03-026
W32/Francette-S runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Francette-S is a Windows worm with an IRC backdoor component that spreads by scanning the internet for computers vulnerable to the RPC/DCOM exploit.
A patch for the vulnerability exploited by W32/Francette-S can be obtained from Microsoft at:
MS03-026
W32/Francette-S runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
In order to run automatically when Windows starts up the worm sets the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft IIS = <filename>
W32/Francette-S also modifies the Windows HOSTS file in an attempt to prevent access to the following websites:
ibank.barclays.co.uk
online-business.lloydstsb.co.uk
online.lloydstsb.co.uk
www.halifax-online.co.uk
www.ukpersonal.hsbc.co.uk
www.nwolb.com
banesnet.banesto.es
extranet.banesto.es