12/17: Forbot-DA Worm Targets Flaws
December 17, 2004

W32/Forbot-DA is a worm that attempts to spread to remote network shares and computers vulnerable to common exploits. W32/Forbot-DA also contains backdoor functionality, allowing unauthorized remote access to the infected computer via the IRC network, while running in the background as a service process.

W32/Forbot-DA connects to a preconfigured IRC channel and awaits commands from a remote intruder. These include commands to:

steal information
delete network shares
reduce system security
start a proxy server
participate in DDoS attacks
exploit vulnerabilities
steal registration keys for computer games
harvest email addresses from the Windows address book and Instant Messenger configuration files

More information can be found at Sophos page.