The Web    Google
12/17: Forbot-DA Worm Targets Flaws

12/17: Forbot-DA Worm Targets Flaws
December 17, 2004

W32/Forbot-DA is a worm that attempts to spread to remote network shares and computers vulnerable to common exploits. W32/Forbot-DA also contains backdoor functionality, allowing unauthorized remote access to the infected computer via the IRC network, while running in the background as a service process.

W32/Forbot-DA connects to a preconfigured IRC channel and awaits commands from a remote intruder. These include commands to:

steal information
delete network shares
reduce system security
start a proxy server
participate in DDoS attacks
exploit vulnerabilities
steal registration keys for computer games
harvest email addresses from the Windows address book and Instant Messenger configuration files

More information can be found at Sophos page.

  • 4/14: Mytob-BA Worm Variant Spreading
  • 2/2: Symbos_Locknut-A Hits Symbian Devices
  • Security Execs Identify Top Issues for 2005
  • nCipher Offers Shareable Hardware Security Module
  • IM Threat Center Formed
  • Linux Security: Tips from the Experts
  • 9/23: Backdoor-CHP Lets Data Through
  • 8/2: MyDoom-P Sends Spoofed Emails
  • FTC Seeks Court Order Against "Do Not Call" Web Site
  • 4/20: Mytob-CC Worm Modifies Registry
  • FTC Urges Industry Solutions to Spyware
  • Home Security Camera Background