The Web    Google
6/28: Rbot-CA Allows Remote Access

6/28: Rbot-CA Allows Remote Access
June 28, 2004

W32/Rbot-CA is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels while running in the background as a service process. W32/Rbot-CA spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

W32/Rbot-CA moves itself to the Windows system folder as a randomly named read-only, hidden, system EXE file and creates entries in the registry at the following locations to run on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ Microsoft Updating =
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ Microsoft Updating =
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ Microsoft Updating =

More information is atSophos page.

  • IT Budget Woes Hampering Real-Time Responsiveness
  • 'Significant' Security Flaws Uncovered in Many Web Applications
  • Feinstein Tightens ID Theft Proposal
  • Buffer Overflows Patched in RealPlayer
  • 11/22: Swizzor-BQ Trojan Downloads, Runs Files
  • U.S. Bows to Europe as New Spam King
  • 7/12 Atak.A Worm Low Threat but High Traffic
  • 11/9: Rbot-PG Worm also a Trojan
  • Worldwide Security Server Appliance Market Hits $379 Million
  • Senate Panel Approves Anti-Spyware Bill
  • 4/12: Mytob-AS Worm Uses SMTP Engine
  • Security Camera Industry Information