The Web    Google
1/24: Worm_Agobot-AGK Exploits Windows Flaws

1/24: Worm_Agobot-AGK Exploits Windows Flaws
January 24, 2005

Worm_Agobot.AGK takes advantage of Windows vulnerabilities. They are:

  • IIS5/WEBDAV Buffer Overflow vulnerability
  • Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
  • Buffer Overflow in SQL Server 2000 vulnerability

    For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:

    Microsoft Security Bulletin MS03-026
    Microsoft Security Bulletin MS03-007
    Microsoft Security Bulletin MS02-061

    It also attempts to log on to systems using a list of user names and passwords. It drops a copy of itself into accessible machines.

    This worm has backdoor capabilities. It executes commands sent in via Internet Relay Chat (IRC) and can be used to launch a Denial of Service (DoS) attack against specified target sites.

    It terminates certain antivirus processes and files dropped by other malware. It steals Microsoft Windows product IDs, AOL passwords and the CD keys of popular game applications.

    It prevents the user from accessing several antivirus and security-related Web sites.

    Technical details can be found at Trend Micro page.

  • Trolling For Anti-Phishing Laws
  • Bush Likely to Sign Anti-Spam Bill by Jan. 1
  • Time to Remind Users of Security Responsibilities
  • 9/2: Trojan Yipid Sends Chinese Email
  • PentaSafe Unveils Integrated Security Manager
  • 3/7: Forbot-ER Worm Contains Backdoor Functions
  • 7/1: PWSteal.Refest Steals Banking Info
  • 11/9: Rbot-PG Worm also a Trojan
  • FTC: Identity Theft, Fraud on the Rise
  • 2/21: MyDoom-BC an Email Worm for Windows
  • 9/22: Agobot-XJ Worm Exploits Mic Flaws
  • Security Camera Articles