Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 22 May 2005 16:14:07 (GMT) |
| Detected by | All Sophos products |
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action

Please follow the instructions for removing worms.
More Information
W32/Tilebot-A is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Tilebot-A spreads to network shares with weak passwords when its backdoor Trojan component receives the appropriate command from a remote user.
W32/Tilebot-A copies itself to the Windows folder with the filename SDKTEMP.EXE. To run itself on system startup, it creates a service named "sdktemp", which it gives the fake description "Platform SDK Enviroment".
W32/Tilebot-A allows a remote user to perform a wide range of actions on the infected computer, including downloading further files, setting registry entries and stealing information from the computer, including from protected storage areas.
W32/Tilebot-A may attempt to contact scripts at the following addresses:
www.kinchan.net
yia.s22.xrea.com
cgi14.plala.or.jp
www2.dokidoki.ne.jp
www.age.ne.jp
hpcgi1.nifty.com
W32/Tilebot-A may attempt to drop the file RDRIV.SYS and set up a service for it named RDRIV. This file is currently detected as Troj/Rootkit-W.
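
The following PowerShell check looks for the indicators listed above on a local Windows machine. It is an added example, not Sophos code or part of the original description. It assumes that the RDRIV service, because it loads a .SYS file, would appear under `Win32_SystemDriver`, and that contact with the listed addresses would leave entries in the DNS client cache.

```powershell
# Indicators copied from the W32/Tilebot-A description on this page.
$serviceNames    = 'sdktemp', 'RDRIV'
$fakeDescription = 'Platform SDK Enviroment'   # the misspelling is part of the indicator
$binaryPattern   = '\\(SDKTEMP\.EXE|RDRIV\.SYS)\b'
$contactHosts    = 'www.kinchan.net', 'yia.s22.xrea.com', 'cgi14.plala.or.jp',
                   'www2.dokidoki.ne.jp', 'www.age.ne.jp', 'hpcgi1.nifty.com'
$findings = @()

# Win32_Service lists ordinary services; a .SYS file registered as a service
# is listed under Win32_SystemDriver instead (assumption), so query both classes.
$entries = @(Get-CimInstance -ClassName Win32_Service) +
           @(Get-CimInstance -ClassName Win32_SystemDriver)
foreach ($e in $entries) {
    $reasons = @()
    if ($serviceNames -contains $e.Name)     { $reasons += 'service name' }
    if ($e.Description -eq $fakeDescription) { $reasons += 'fake description' }
    if ($e.PathName -match $binaryPattern)   { $reasons += 'binary path' }
    if ($reasons.Count -gt 0) {
        $findings += [pscustomobject]@{
            Indicator = "Service '$($e.Name)'"
            Matched   = $reasons -join ', '
            Detail    = $e.PathName
        }
    }
}

# The worm's own copy is placed in the Windows folder.
$dropped = Join-Path $env:windir 'SDKTEMP.EXE'
if (Test-Path -LiteralPath $dropped) {
    $findings += [pscustomobject]@{ Indicator = 'Dropped file'; Matched = 'file name'; Detail = $dropped }
}

# Hostnames resolved recently, where the DNS client cmdlet is available.
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    $hits = Get-DnsClientCache | Where-Object { $contactHosts -contains $_.Entry } |
            Select-Object -ExpandProperty Entry -Unique
    foreach ($name in $hits) {
        $findings += [pscustomobject]@{ Indicator = 'DNS cache entry'; Matched = 'contacted host'; Detail = $name }
    }
}

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'No W32/Tilebot-A indicators from this page were found.' }
```

Because the dropped driver is detected as a rootkit, an empty result from a running system is not conclusive. Several of the listed hosts are shared hosting services, so a DNS cache match on its own is weak evidence.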
