7/13: Rbot-DL Empowers Remote Users
July 13, 2004

W32/Rbot-DL is a network worm and backdoor Trojan for the Windows platform. It allows a malicious user remote access to an infected computer.

The worm copies itself to a file named winsyst.exe in the Windows system folder and creates the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = winsyst.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = winsyst.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = winsyst.exe
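
A defensive check for the autostart entries listed above, as an added example that is not part of the original advisory: it parses `reg query` text output and reports values under the three keys whose command resolves to winsyst.exe. The function names and the sample output are constructed for illustration, and matching on the file name alone (so quoted or full paths also match) is an assumption of this example.

```python
import ntpath
import re

# Autostart keys and file name taken from the advisory text.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
WORM_FILE = "winsyst.exe"
HIVE_ALIASES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}
# A value line is indented: name, type, data separated by 4 spaces (or tabs).
VALUE_RE = re.compile(r"^\s+(.+?)(?:\t|\s{4})(REG_\w+)(?:\t|\s{4})(.*)$")

def normalize_key(key):
    """Lower-case a key path, expand HKLM/HKCU, drop a trailing backslash."""
    hive, _, rest = key.strip().rstrip("\\").lower().partition("\\")
    return HIVE_ALIASES.get(hive, hive) + "\\" + rest

def command_image(data):
    """Return the lower-cased .exe file name from a Run-key command line."""
    m = re.match(r'"?([^"]*?\.exe)', data.strip(), re.IGNORECASE)
    return ntpath.basename(m.group(1)).lower() if m else ""

def find_rbot_dl_autostarts(reg_query_text):
    """Return (key, value name, data) for each matching autostart value."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line and not line[0].isspace():
            key = line.strip()          # unindented line starts a new key
            continue
        m = VALUE_RE.match(line)
        if m and key and normalize_key(key) in RUN_KEYS:
            name, _type, data = m.groups()
            if command_image(data) == WORM_FILE:
                findings.append((key, name.strip(), data.strip()))
    return findings

# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Update    REG_SZ    winsyst.exe
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe /min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Update    REG_SZ    "C:\WINDOWS\system32\WINSYST.EXE"
'''

if __name__ == "__main__":
    for finding in find_rbot_dl_autostarts(SAMPLE):
        print(finding)
```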

W32/Rbot-DL spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-DL can be controlled by a remote attacker over IRC channels.

More information is available on the Sophos page.


 