PDA

Visualizza versione completa : Worm.W32/Randex.I@SMB - Rischio 3 - Update


Giorgius
18-10-2003, 17.48.34
Segnalazione di questa Variante del Worm "Randex" dalla Spagna...

Effetti:
W32/Randex-I is a network worm with backdoor capabilities which allows a
remote intruder to access and control the computer via IRC channels.
W32/Randex-I spreads over a network by copying itself to the Windows
system32 folder of C$ and Admin$ shares that contain weak passwords.
Each time the worm is run it tries to connect to a remote IRC server and
join a specific channel. The worm then runs in the background as a server
process listening for commands to execute.
When first run the worm copies itself to Windows system folder as
msnv32.exe and creates the following registry entries so that the worm is run
when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Microsoft Netview Component v5.1 = msnv32.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\Microsoft Netview Component v5.1 = msnv32.exe

Info:
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3153
http://www.sophos.com/virusinfo/analyses/w32randexi.html


Antivirus aggiornato al 18.10.03 ;)(Y)