Sophos's anti-virus products include proactive protection technology, which can defend against new threats without requiring an update. Sophos customers have been protected against W32/Rbot-UV (detected as W32/Rbot-Fam/Gen) since version 3.88
W32/Rbot-UV is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-UV may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. The worm also opens up a backdoor, allowing unauthorised remote access to infected computers via the IRC network, while running in the background as a service process.
W32/Rbot-UV can receive commands from a remote intruder to:
delete network shares
log keypresses
participate in DDoS attacks
scan other computers for vulnerabilities
steal passwords
steal registration keys for computer games
create administrator accounts
terminate firewall and anti-virus processes
capture video from webcameras attached to the computer.
W32/Rbot-UV copies itself to the Windows system folder and sets the following registry entries to run itself automatically at system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Update
winupupdate1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows Update
winupupdate1.exe