12/3: Rbot-QX a Worm and IRC Trojan

December 3, 2004

W32/Rbot-QX is a network worm and IRC backdoor Trojan for the Windows platform.

The worm copies itself to a file in the Windows system folder with a filename consisting of nine randomly chosen lowercase letters and an EXE extension.
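The file-naming behaviour described above can be turned into a triage check. The following is an added example, not code from the advisory or from Sophos: it flags file names made of nine lowercase letters plus an EXE extension and drops names present in a known-good baseline, since legitimate files can fit the same pattern. The function names, sample listing and baseline are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Nine lowercase ASCII letters, then an EXE extension in either case.
NAME_RE = re.compile(r"[a-z]{9}(?i:\.exe)")


def candidates(names, baseline=()):
    """Return sorted names that fit the pattern and are not in the baseline.

    baseline: file names recorded from a known-good install, compared
    case-insensitively because Windows file names are case-insensitive.
    """
    known = {n.lower() for n in baseline}
    return sorted(n for n in names
                  if NAME_RE.fullmatch(n) and n.lower() not in known)


def scan_dir(folder, baseline=()):
    """Run candidates() over regular files directly inside folder."""
    files = (p.name for p in Path(folder).iterdir() if p.is_file())
    return candidates(files, baseline)


# Constructed sample listing and baseline (not taken from the advisory).
SAMPLE_LISTING = [
    "svchost.exe",        # too short
    "openfiles.exe",      # fits the pattern, but is in the baseline
    "qhzkwpmtb.exe",      # fits the pattern
    "xjrnvlqpd.EXE",      # fits the pattern, upper-case extension
    "Explorers.exe",      # nine letters, but not all lowercase
    "abcdefghi.exe.bak",  # pattern is not the whole name
    "kernel32.dll",       # wrong extension
]
SAMPLE_BASELINE = ["openfiles.exe"]  # legitimate Windows tool, nine-letter name

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = scan_dir(sys.argv[1])  # e.g. the Windows system folder
    else:
        hits = candidates(SAMPLE_LISTING, SAMPLE_BASELINE)
    for name in hits:
        print("review:", name)
```

A hit is only a lead for further analysis; the name pattern alone does not identify the worm.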

W32/Rbot-QX spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-QX can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-QX can be instructed by a remote user to perform the following functions:

  • start an FTP server
  • start a proxy server
  • start a web server
  • take part in distributed denial-of-service (DDoS) attacks
  • log keypresses
  • capture screen/webcam images
  • sniff packets
  • scan ports
  • download/execute arbitrary files
  • start a remote shell (RLOGIN)

More information can be found on the Sophos page.
