The Web    Google
1/18: Rbot-TS Worm Spreads to Weak Shares

1/18: Rbot-TS Worm Spreads to Weak Shares
January 18, 2005

W32/Rbot-TS is a member of the W32/Rbot family of network worms. The worm can spread to weakly protected network shares, and to computers vulnerable to the RPC-DCOM and LSASS exploits (see Microsoft Security Bulletins MS04-012 and MS04-011 respectively).

The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.

W32/Rbot-TS can be instructed to disable security software, scan remote computers, create and delete network shares, log any keystrokes made on the computer, upload and download files, and run programs.

More information can be found at Sophos page.

  • 6/9: Rbot.AF Uses NetBEUI Functions
  • Stomping Out Spam: The Spam Series, Part 1
  • PGP: Extended Encryption For Compliance
  • AirDefense Describes Lack of Client Security at Show
  • 4/8: Mytob-S Worm Continues to Flourish
  • 9/8: Downloader-PG Brings in Trojan
  • 11/8: Trojan.Beagooz Collects Addresses
  • New Tool Helps Ensure Users Employ Strong Passwords
  • 1/27: Rbot-AIX Worm Has Backdoor Functions
  • 3/4; PWSteal.Bankash-B Trojan Steals Info
  • 4/8: Mytob-AB Worm Comes as Attachment
  • Security Camera Price