The Web    Google
4/7: Rbot-AAF Worm Hits Network Shares

4/7: Rbot-AAF Worm Hits Network Shares
April 7, 2005

W32/Rbot-AAF is a network worm that attempts to spread via network shares. The worm contains backdoor functions that allow unauthorized remote access to the infected computer via IRC channels while running in the background.

The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).

Once installed, W32/Rbot-AAF will attempt to partake in distributed denial of service (DDoS) attacks, download and run files from the Internet, steal CD keys, log keystrokes and login to MS SQL servers and send EXEC commands to open a command shell when instructed to do so by a remote attacker.

W32/Rbot-AAF may try to exploit backdoors and vulnerabilities used by the MyDoom family of worms.

More information can be found at Sophos page.

  • Would Do-Not-Spam List Benefit the Enterprise?
  • Outtasking Solution to Company's Email Woes
  • SQL Server Security Checklist
  • Enterprise IM Spurs Privacy Concerns
  • Christmas Comes Early for Spammers
  • 4/27: Mytob-CY Worm Arrives as Email Attachment
  • 4/15: Sdbot-XC Worm Targets Passwords
  • 12/8: Rbot-RJ Worm Spreads to Shares
  • Fortinet To Deliver 3G Multifunction Security Appliance
  • CERT, ArcSight Partner With 3 Universities On Security Sharing
  • 1/12: Mugly-D Worm Drops IRC Backdoor
  • Compare Security Camera Products