Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 24 February 2005 10:52:21 (GMT) |
| Last updated | 9 August 2005 17:47:01 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
Sophos Anti-Virus products detect members of the W32/Codbot family of worms as W32/Codbot-Gen.
Worms detected as W32/Codbot-Gen provide backdoor Trojan functionality to a remote attacker via IRC channels. Such worms may spread to remote network shares with weak passwords in response to a command from a remote attacker.
Members of the W32/Codbot family typically attempt to exploit vulnerabilities, such as the LSASS vulnerability (MS04-011).
Members of the W32/Codbot family may copy themselves to the Windows system folder and create entries under the following registry keys to run themselves when the user logs on:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
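To review the registry locations listed above on a suspect host, the following PowerShell lists each entry with its target and Authenticode status. It is an added example, not part of Sophos's removal instructions; the function names `Get-RunKeyEntry` and `Get-SafeBootEntry` are hypothetical, and the output is meant to be compared against a known-good baseline for the machine.

```powershell
# Added example: enumerate the autostart locations named on this page for review.
$system32 = Join-Path $env:SystemRoot 'System32'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Get-RunKeyEntry {
    param([string[]]$Path)
    foreach ($keyPath in $Path) {
        # A key that does not exist on this system is skipped.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Take the quoted path if present, otherwise the first token.
            # Unquoted paths containing spaces are truncated; check Command by hand.
            $exe = if ($data -match '^\s*"([^"]+)"') { $Matches[1] }
                   else { ($data.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $found = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Key            = $keyPath
                Name           = $name
                Command        = $data
                # The page says the worm copies itself to the Windows system folder.
                InSystemFolder = $exe -like "$system32\*"
                Signature      = if ($found) { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
                                 else { 'FileNotFound' }
            }
        }
    }
}

function Get-SafeBootEntry {
    # Each subkey names a service, driver or device class allowed to load in Safe Mode.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
    Get-ChildItem -LiteralPath $path | ForEach-Object {
        [pscustomobject]@{ Name = $_.PSChildName; Type = [string]$_.GetValue('') }
    }
}

Get-RunKeyEntry -Path $runKeys | Format-Table -AutoSize -Wrap
Get-SafeBootEntry | Sort-Object Name | Format-Table -AutoSize
```

Run-key entries that resolve into the system folder and are not validly signed, and SafeBoot entries absent from the baseline, are the ones to examine first.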
This backdoor functionality typically includes the ability to sniff packets, download further malicious code and steal passwords and other system information.
W32/Codbot worms may register themselves as service processes.
