high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 16 February 2005 12:26:20 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
To renable DCOM you can edit the registry, but it's better to use Dcomcnfg.exe. See Microsoft article 825750 for details.
More Information
W32/Codbot-C is a backdoor Trojan containing functionality to spread via network shares.
The worm connects to an IRC channel and listens for backdoor commands from a remote attacker. The backdoor functionality of the worm includes the ability to sniff packets, download further malicious code and steal passwords and other system information.
W32/Codbot-C may attempt to exploit a number of vulnerabilities, including the LSASS vulnerability (MS04-011). W32/Codbot-C is a backdoor Trojan containing functionality to spread via network shares.
The worm connects to an IRC channel and listens for backdoor commands from a remote attacker. The backdoor functionality of the worm includes the ability to sniff packets, download further malicious code and steal passwords and other system information.
When first run, W32/Codbot-C copies itself to the Windows system folder as MAPI32.EXE and installs itself as a service with service name "Extended MAPI Function Handler" and display name "Handling the loading of the MAPI API."
W32/Codbot-C may make the following change to the system registry:
HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
"N"
W32/Codbot-C may attempt to exploit a number of vulnerabilities, including the LSASS vulnerability (MS04-011).
|
