W32/Rbot-PG is a network worm and backdoor Trojan for the Windows platform.
W32/Rbot-PG allows a malicious user remote access to an infected computer.
W32/Rbot-PG spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilites (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-PG can be controlled by a remote attacker over IRC channels.
W32/Rbot-PG is a network worm and backdoor Trojan for the Windows platform.
W32/Rbot-PG allows a malicious user remote access to an infected computer.
The worm copies itself to a file named wuanclt.exe in the Windows system folder and creates the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
*windows update = wuanclt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
*windows update = wuanclt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
*windows update = wuanclt.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
*windows update = wuanclt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
*windows update = wuanclt.exe
W32/Rbot-PG spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilites (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-PG can be controlled by a remote attacker over IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-PG can be obtained from the Microsoft website:
MS04-011
MS03-026
MS03-007
MS01-059