Sophos

W32/Rbot-MY

Aliases
  • Backdoor.Win32.Rbot.gen
Category
Type
What to do
Prevalence low high

Summary

 
How it spreads
  • Network shares
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 18 October 2004 07:53:51 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

W32/Rbot-MY is a network worm and IRC backdoor Trojan for the Windows platform.

The worm copies itself to a file named VideoLanPlayer.exe in the Windows system folder and creates the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Video Lan Player = VideoLanPlayer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Video Lan Player = VideoLanPlayer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Video Lan Player = VideoLanPlayer.exe

W32/Rbot-MY spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilites (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-MY can be controlled by a remote attacker over IRC channels.

Patches for the operating system vulnerabilities exploited by W32/Rbot-MY can be obtained from Microsoft at:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer