The Web    Google
1/18: Rbot-TS Worm Spreads to Weak Shares

1/18: Rbot-TS Worm Spreads to Weak Shares
January 18, 2005

W32/Rbot-TS is a member of the W32/Rbot family of network worms. The worm can spread to weakly protected network shares, and to computers vulnerable to the RPC-DCOM and LSASS exploits (see Microsoft Security Bulletins MS04-012 and MS04-011 respectively).

The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.

W32/Rbot-TS can be instructed to disable security software, scan remote computers, create and delete network shares, log any keystrokes made on the computer, upload and download files, and run programs.

More information can be found at Sophos page.

  • House Renews Anti-Spyware Push
  • Bagle-AA Moves Maliciously into 3rd Place
  • 3/16: Trojan.Eaghouse Steals Info
  • 3/31: MyDoom-AI Worm Uses Email
  • 2/15: Randex-COX a Network-Aware Worm
  • Phishing Scams Increase 1,200% in 6 Months
  • 12/10: Agobot-NX an IRC Trojan & Worm
  • Buffer Overflows Patched in RealPlayer
  • 3/11: Rbot-XM Worm Hits Remote Shares
  • 9/9: BackDoor-CEB.C Remote Access Trojan
  • AntiOnline Security Spotlight: IDS with an Open Source Twist
  • Discussion on Security Camera