W32/Rbot-GNA

Category: Viruses and Spyware Protection available since:02 May 2007 00:00:00 (GMT)
Type: Win32 worm Last Updated:02 May 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Rbot-GNA is a worm with IRC backdoor functionality for the Windows platform.
                        
W32/Rbot-GNA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
                                    
W32/Rbot-GNA spreads to other network computers:
            
- by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007)

- networks protected by weak passwords
                        
When run W32/Rbot-GNA copies itself to <System>\netlprto.exe.
                        
The following registry entries are created to run netlprto.exe on startup:
                                    
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vtmesys
netlprto.exe
                                    
W32/Rbot-GNA includes functionality to:
- download code from the internet
- perform port scanning
- perform DDoS attacks

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy