3/7: Forbot-EP Worm Targets Remote Shares
March 7, 2005

W32/Forbot-EP is a worm that attempts to spread to remote network shares and computers vulnerable to common exploits. W32/Forbot-EP also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via the IRC network, while running in the background as a service process.

W32/Forbot-EP connects to a preconfigured IRC channel and awaits commands from a remote intruder. These include commands to steal information, delete network shares, reduce system security, start a proxy server, participate in DDoS attacks, exploit vulnerabilities, steal registration keys for computer games and harvest email addresses from the Windows address book and Instant Messenger configuration files.

More information can be found at Sophos page.