The Web    Google
7/16: Rbot-DP Trojan Has Spreading Capability

7/16: Rbot-DP Trojan Has Spreading Capability
July 16, 2004

W32/Rbot-DP is an IRC backdoor Trojan with spreading capability. W32/Rbot-DP copies itself into the Windows system folder and sets the following registry entries to run itself automatically when Windows starts up:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft DirectX

W32/Rbot-DP logs onto a predefined IRC server and waits for backdoor commands. When receives the appropriate backdoor command W32/Rbot-DP will attempt to spread to other computers.

More information is at Sophos page.

  • 6/8: Trojan.Dingsta.A Logs Keystrokes
  • nCipher Offers Shareable Hardware Security Module
  • WIDCOMM Bluetooth a Virus Risk
  • 1/4: Sdbot-AI Worm/Trojan Lets Hackers In
  • Time to Remind Users of Security Responsibilities
  • Intellitactics Upgrades Security Manager Tool
  • Virus Update: Lovgate Worm Still Out
  • 5/2: Sober-S Worm a 'Medium Threat'
  • Sun Plays New Security Card with VeriSign
  • 1/10: Gaobot.CKP Worm Lets Hackers In
  • WiFi Security Concerns Easing
  • Security Camera Related Information