Worm_Dopbot.A is the first variant of the WORM_DOPBOT family. Similar to most worms that act as Internet Relay Chat bots, such as AGOBOT, SDBOT, RBOT, and SPYBOT families, this memory-resident worm also propagates via network shares by exploiting certain Microsoft vulnerabilities. In this case, WORM_DOPBOT.A exploits the RPC DCOM Interface Buffer Overflow vulnerability.
More information about this Windows vulnerability is found in the following Microsoft Web page:
Microsoft Security Bulletin MS03-026
Also, like the other worm families mentioned earlier, this worm also has backdoor capabilities. It also has the ability to steal system and user information.
One distinguishing characteristic of this worm, however, is its ability to lower the affected system's security settings, making the system vulnerable to malicious activities of other malware programs.
Technical details can be found at Panda Software page.
2/14: Dopbot-A Worm A Acts as IRC Bot
