high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Protection available since | 15 February 2005 16:51:46 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Codbot-B is a backdoor which contains functionality to spread via network shares.
W32/Codbot-B contains backdoor functionality which includes packet sniffing and downloading further code,gathering system information and killing processes.
W32/Codbot-B may create Run and RunServices registry entries in order to run itself on system startup.
W32/Codbot-B may attempt to exploit a number of vulnerabilities. W32/Codbot-B is a backdoor which contains functionality to spread via network shares.
When first run, W32/Codbot-B copies itself to the Windows system folder as LSPOOL.EXE and installs this file as a service with servicename "Local Network Spooler" and display name " Loads files to memory for later outputing over the endpoint". The worm attempts to connect to an IRC channel and listens for backdoor commands from a remote attacker.
W32/Codbot-B contains backdoor functionality which includes packet sniffing and downloading further code,gathering system information and killing processes.
W32/Codbot-B may create Run and RunServices registry entries in order to run itself on system startup.
W32/Codbot-B may attempt to exploit a number of vulnerabilities.
|
