The Web    Google
12/3: Rbot-QX a Worm and IRC Trojan

12/3: Rbot-QX a Worm and IRC Trojan
December 3, 2004

W32/Rbot-QX is a network worm and IRC backdoor Trojan for the Windows platform.

The worm copies itself to a file in the Windows system folder with a filename consisting of nine randomly chosen lowercase letters and an EXE extension.

W32/Rbot-QX spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-QX can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-QX can be instructed by a remote user to perform the following functions:

start an FTP server
start a Proxy server
start a web server
take part in distributed denial-of-service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)

More information can be found at Sophos page.

  • 5/3: SymbOS/Locknut-C Infects Handsets
  • 4/15: Trojan.Esteems Steals Private Info
  • Intellitactics Upgrades Security Manager Tool
  • Information Theft Reaches Estimated $59 Billion
  • IBM Buy Helps Clients Pinpoint Identity
  • Schumer Introduces No Spam Registry Bill
  • 10/20: Mydoom-AA Worm Spreads Via Email
  • Feds Hit Alleged Spammers in Sting
  • Researcher: IE Cumulative Patch Inadequate
  • 9/7: Blueworm-D a Memory-Resident Worm
  • 5/3: Bbprox-A Trojan Acts as Proxy Server
  • Security Camera Articles