Giorgius
05-11-2003, 20.47.06
Aliases:
W32.HLLW.Gaobot.CA (Symantec), Worm-Backdoor.W32/Gaobot.CA@RPC
Effetti:
W32.HLLW.Gaobot.CA is a minor variant of W32.HLLW.Gaobot.AO. It attempts to spread to network shares that have weak passwords and allows hackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80
Info:
http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ca.html
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3221&PHPSESSID=696cdd9eb99fc7f050c461ae4f0c9ea1
Aggiornamento AntiVirus al 04.11.03 ;)(Y)
W32.HLLW.Gaobot.CA (Symantec), Worm-Backdoor.W32/Gaobot.CA@RPC
Effetti:
W32.HLLW.Gaobot.CA is a minor variant of W32.HLLW.Gaobot.AO. It attempts to spread to network shares that have weak passwords and allows hackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80
Info:
http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ca.html
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3221&PHPSESSID=696cdd9eb99fc7f050c461ae4f0c9ea1
Aggiornamento AntiVirus al 04.11.03 ;)(Y)