W32/Akbot-AB

Category: Viruses and SpywareProtection available since:30 Jun 2006 00:00:00 (GMT)
Type: Win32 wormLast Updated:30 Jun 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Akbot-AB is a network worm and backdoor Trojan for the Windows platform.

W32/Akbot-AB may attempt to spread to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and ASN.1 (MS04-007). W32/Akbot-AB is a network worm and backdoor Trojan for the Windows platform.

W32/Akbot-AB may attempt to spread to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and ASN.1 (MS04-007).

When first run W32/Akbot-AB copies itself to <System>\utasvc.dll.

The following registry entry is created to run code exported by utasvc.dll on
startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
utasvc
rundll32.exe <System>\utasvc.dll,start

W32/Akbot-AB may also modify the HOSTS file of an infected computer to deny access to various security related websites.