PDA

Visualizza versione completa : WORM_SDBOT.AZ - Rischio 4 - Update


Giorgius
07-12-2003, 16.29.08
Effetti:
This worm drops a copy of itself using the file name, WUPDATED.EXE, in the Windows system folder. It then modifies the Windows registry so that it is executed at every system startup.
It spreads through the network by dropping copies of itself in shared drives with read/write access. It either establishes a connection to the IPC$ share, or it uses its own list of user names and passwords to log on to the system. It also propagates via the Internet, specifically through chat programs, by sending a copy of itself to all contacts found.
This malware also carries a backdoor routine. It has a built in IRC (Internet Relay Chat) client engine, which enables it to connect to an IRC channel and await commands from a remote user.
It runs on Windows NT, 2000 and XP.


Info:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AZ
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3334&PHPSESSID=4575a1976e123d486a3282e88935d2b2


Aggiornamento AntiVirus al 07.12.03 ;)(Y)