The Web    Google
2/14: Dopbot-A Worm A Acts as IRC Bot

2/14: Dopbot-A Worm A Acts as IRC Bot
February 14, 2005

Worm_Dopbot.A is the first variant of the WORM_DOPBOT family. Similar to most worms that act as Internet Relay Chat bots, such as AGOBOT, SDBOT, RBOT, and SPYBOT families, this memory-resident worm also propagates via network shares by exploiting certain Microsoft vulnerabilities. In this case, WORM_DOPBOT.A exploits the RPC DCOM Interface Buffer Overflow vulnerability.

More information about this Windows vulnerability is found in the following Microsoft Web page:

Microsoft Security Bulletin MS03-026

Also, like the other worm families mentioned earlier, this worm also has backdoor capabilities. It also has the ability to steal system and user information.

One distinguishing characteristic of this worm, however, is its ability to lower the affected system's security settings, making the system vulnerable to malicious activities of other malware programs.

Technical details can be found at Panda Software page.

  • Researcher: IE Cumulative Patch Inadequate
  • 5/2: Oscarbot Virus Spreads a Hyperlink
  • 10/26: Famus-B Worm Sends Email About Iraq
  • 10/28: Agobot-NU a Worm and Backdoor
  • Check Point Appliances Target Small Businesses
  • 4/20: Mytob-CC Worm Modifies Registry
  • Lasco.A Poses New Mobile Threat
  • Immunize Your Servers Against Attack
  • 9/1: Bugbear-I a Mass-Mailing Worm
  • Enterprise IM Spurs Privacy Concerns
  • 802.11 Has DoS Vulnerability
  • Security Camera Industry Information