W32/Rbot-TS is a member of the W32/Rbot family of network worms. The worm can spread to weakly protected network shares, and to computers vulnerable to the RPC-DCOM and LSASS exploits (see Microsoft Security Bulletins MS04-012 and MS04-011 respectively).
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Rbot-TS can be instructed to disable security software, scan remote computers, create and delete network shares, log any keystrokes made on the computer, upload and download files, and run programs.
More information can be found at Sophos page.
1/18: Rbot-TS Worm Spreads to Weak Shares
