 12/3: Rbot-QX a Worm and IRC Trojan |
 |
|
|
|
|
|
12/3: Rbot-QX a Worm and IRC Trojan
December 3, 2004
W32/Rbot-QX is a network worm and IRC backdoor Trojan for the Windows platform. The worm copies itself to a file in the Windows system folder with a filename consisting of nine randomly chosen lowercase letters and an EXE extension.
W32/Rbot-QX spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-QX can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-QX can be instructed by a remote user to perform the following functions:
start an FTP server
start a Proxy server
start a web server
take part in distributed denial-of-service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)
More information can be found at Sophos page.
|
|
|
|
|
5/3: SymbOS/Locknut-C Infects Handsets
4/15: Trojan.Esteems Steals Private Info
Intellitactics Upgrades Security Manager Tool
Information Theft Reaches Estimated $59 Billion
IBM Buy Helps Clients Pinpoint Identity
Schumer Introduces No Spam Registry Bill
10/20: Mydoom-AA Worm Spreads Via Email
Feds Hit Alleged Spammers in Sting
Researcher: IE Cumulative Patch Inadequate
9/7: Blueworm-D a Memory-Resident Worm
5/3: Bbprox-A Trojan Acts as Proxy Server
Security Camera Articles
 |
