The Web    Google
12/17: Forbot-DA Worm Targets Flaws

12/17: Forbot-DA Worm Targets Flaws
December 17, 2004

W32/Forbot-DA is a worm that attempts to spread to remote network shares and computers vulnerable to common exploits. W32/Forbot-DA also contains backdoor functionality, allowing unauthorized remote access to the infected computer via the IRC network, while running in the background as a service process.

W32/Forbot-DA connects to a preconfigured IRC channel and awaits commands from a remote intruder. These include commands to:

steal information
delete network shares
reduce system security
start a proxy server
participate in DDoS attacks
exploit vulnerabilities
steal registration keys for computer games
harvest email addresses from the Windows address book and Instant Messenger configuration files

More information can be found at Sophos page.

  • E-mail security and your legal liability
  • Programmers on Windows Code: Eyes Wide Shut
  • 1/3: Sdbot-SW Worm Hits Remote Shares
  • Will Users of Word 97 'Bug' Out?
  • Meta Group Slams Wireless LAN Suppliers on Security
  • Microsoft Defends Security Approaches
  • 2/17: Poebot-A Worm Has Backdoor Functions
  • Network-1 Offers Centralized Policy Control For Distributed Firewalls
  • New ID-Synch Access Management Software Ties to HR Systems
  • 1/13: Wurmark-E Worm Arrives As Zip Attachment
  • 10/27: Anpes Mass-Mailing Worm Uses Outlook
  • Buy Security Camera