 1/28: Sdbot.Worm!166912 Spreading |
 |
|
|
|
|
|
1/28: Sdbot.Worm!166912 Spreading
January 28, 2005
W32/Sdbot.worm!166912 is a variant of W32/Sdbot.worm, and bears strong resemblance to the many other members of this rapidly growing family. It bears the following characteristics:
propagates to machines vulnerable to the following exploits:
DCcomRPC http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
LSASS http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
propagates to machines with poorly secured network shares (weak username/password combinations)
propagates to MySQL and Microsoft SQL servers that are poorly secured (again weak username/password combinations)
propagates to remote machines (it generates random IPs) by attempting to copy itself to a number of shares
provides a backdoor to the victim machine, thereby compromising data on that machine (significant remote access functionality is availble to the hacker)
More information can be found at McAfee page.
|
|
|
|
|
DOJ Scores First Criminal P2P Convictions
7/12 Atak.A Worm Low Threat but High Traffic
2/2: Symbos_Locknut-A Hits Symbian Devices
11/23: Backdoor.Sdbot.AH a Network-Aware Worm
2/21: MyDoom-BC an Email Worm for Windows
AntiOnline Security Spotlight: CD-Wrecker
9/22: Agobot-XJ Worm Exploits Mic Flaws
Disaster Recovery Still Just an IT Responsibility
Sasser Worm Spreading Rapidly
11/9: Rbot-PG Worm also a Trojan
4/6: Randex-DFJ Worm Attacks Passwords
Security Camera Related Information
 |
