7/13: Rbot-DL Empowers Remote Users

July 13, 2004

W32/Rbot-DL is a network worm and backdoor Trojan for the Windows platform. It allows a malicious user remote access to an infected computer.

The worm copies itself to a file named winsyst.exe in the Windows system folder and creates the following registry entries:

Microsoft Update = winsyst.exe
Microsoft Update = winsyst.exe
Microsoft Update = winsyst.exe
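A triage check for the persistence entries listed above, added here as an example and not taken from the advisory or from Sophos: it parses saved `reg query` output and flags autorun values that launch winsyst.exe. The registry key paths and the sample text are constructed assumptions, since the advisory names only the value and the file.

```python
import re

# Indicators taken from the advisory text.
IOC_VALUE_NAME = "Microsoft Update"
IOC_FILE_NAME = "winsyst.exe"

# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# First executable file name in a command line, without directories or quotes.
EXE_RE = re.compile(r'([^\\/"]+?\.exe)(?=["\s]|$)', re.IGNORECASE)

# Constructed sample. The key paths are assumed; the advisory does not name them.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Update    REG_SZ    winsyst.exe
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    microsoft update    REG_SZ    C:\WINDOWS\system32\WinSyst.exe
    Updater    REG_SZ    C:\Tools\winsyst.exe.bak.exe
"""

def scan_autoruns(reg_query_text):
    """Return (key, value name, data, name_matches) for entries launching the IOC file."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        exe = EXE_RE.search(m["data"])
        # Compare the bare file name case-insensitively; Windows paths ignore case.
        if exe and exe.group(1).strip().lower() == IOC_FILE_NAME:
            name_matches = m["name"].strip().lower() == IOC_VALUE_NAME.lower()
            hits.append((key, m["name"], m["data"], name_matches))
    return hits

if __name__ == "__main__":
    for key, name, data, name_matches in scan_autoruns(SAMPLE):
        note = "value name also matches" if name_matches else "file name only"
        print(f"{key}: {name} = {data} ({note})")
```
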

W32/Rbot-DL spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-DL can be controlled by a remote attacker over IRC channels.

More information is available on the Sophos page.
