The Web    Google
2/14: Dopbot-A Worm A Acts as IRC Bot

2/14: Dopbot-A Worm A Acts as IRC Bot
February 14, 2005

Worm_Dopbot.A is the first variant of the WORM_DOPBOT family. Similar to most worms that act as Internet Relay Chat bots, such as AGOBOT, SDBOT, RBOT, and SPYBOT families, this memory-resident worm also propagates via network shares by exploiting certain Microsoft vulnerabilities. In this case, WORM_DOPBOT.A exploits the RPC DCOM Interface Buffer Overflow vulnerability.

More information about this Windows vulnerability is found in the following Microsoft Web page:

Microsoft Security Bulletin MS03-026

Also, like the other worm families mentioned earlier, this worm also has backdoor capabilities. It also has the ability to steal system and user information.

One distinguishing characteristic of this worm, however, is its ability to lower the affected system's security settings, making the system vulnerable to malicious activities of other malware programs.

Technical details can be found at Panda Software page.

  • Securing the DoJ
  • Alliance Formed to Finger Hackers
  • 9/15: Forbot-C Spreads to Remote Shares
  • The Sober Virus Returns
  • Outtasking Solution to Company's Email Woes
  • 5/3: Kelvir-AM Worm Spreads Via IM
  • 1/13: Expl_Iconex-A an Animated Cursor File
  • Making Outlook Less Insecure
  • Netsky-D Ranked as High Risk
  • 802.11 Has DoS Vulnerability
  • 6/14: Dansh.worm!irc an IRC Bot
  • Cheap Security Camera