W32/Qbot-I is a worm and IRC backdoor Trojan for the Windows platform.
W32/Qbot-I attempts to spread via network shares using weak passwords.
W32/Qbot-I includes functionality to:
- steal passwords
- log keystrokes
- perform remote FTP commands
- harvest confidential information including MSN Explorer accounts
- inject code into other processes
- schedule task jobs or cron jobs on the infected computer
- send ping commands to remote destinations
- perform data dumps
- retrieve network TCP stack information
- harvest information from the Protected Storage areas
- harvest information from the Local Shared Object (LSO) for Macromedia Flash Player repositories
W32/Qbot-I may make modifications to the following registry entries:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce