W32/Lilbre-A

Catégorie: Virus et spywares
Type: Win32 worm
Prévalence:

Download Téléchargez notre outil gratuit de suppression des virus - Découvrez ce que votre antivirus actuel n'a pas su détecter

W32/Lilbre-A is a network worm and backdoor for the Windows platform.

W32/Lilbre-A spreads to other network computers by exploiting common buffer overflow vulnerabilities, including LSASS (MS04-011) and PnP (MS05-039).

W32/Lilbre-A also contains the functionality to act as an ftp server allowing access to remote users.

W32/Lilbre-A will copy itself to the Windows system folder as wuaaclt.exe and create the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PNP
<Windows system folder>\wuaaclt.exe

W32/Lilbre-A will also remove several registry entries under the following entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The following patches for the operating system vulnerabilities exploited by W32/Lilbre-A can be obtained from the Microsoft website:
MS04-011
MS05-039

download Essayez les produits Sophos gratuitement
Téléchargez maintenant

© 1997 - 2012 Sophos Ltd. Tous droits réservés. Mentions légales Confidentialité