The Web    Google
1/12: Kobot-B Worm Uses 3 Windows Flaws

1/12: Kobot-B Worm Uses 3 Windows Flaws
January 12, 2005

W32.Kobot.B is a worm that spreads through open network shares, telnet, dameware, realserv, VNC, and niprint. This worm also uses three remotely exploitable Windows vulnerabilities to propagate.

The worm can also function as an email relay and as a proxy for HTTP and SOCKS.

The worm uses multiple vulnerabilities to spread, including:

The Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011).
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026).
The Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability (described in Microsoft Security Bulletin MS02-061).

Technical details can be found at Symantec page.

  • Researcher: IE Cumulative Patch Inadequate
  • 2/3: Rbot-SQ Worm Has Backdoor Abilities
  • Single Network Identity: Holy Grail or Nightmare?
  • Gilian Set to Unveil Enhanced Web Security Appliance
  • 7/28: Downloader-NE.dr a New Trojan
  • 4/26: Mytob-BO Worm Spreads Flaw
  • California Police Use Wireless Fingerprinting on Patrol
  • How hacking has entered the age of mass production.
  • Making Outlook Less Insecure
  • 5/3: Kelvir-AM Worm Spreads Via IM
  • 1/12: Buchon-C a Mass-Mailing Worm
  • Security Camera Price