The Web    Google
9/22: Agobot-XJ Worm Exploits Mic Flaws

9/22: Agobot-XJ Worm Exploits Mic Flaws
September 22, 2004

Worm_Agobot.XJ is a memory-resident worm that is another variant of the AGOBOT family that exploits several Microsoft vulnerabilities. They are discussed in the following pages:

  • Microsoft Security Bulletin MS01-059
  • Microsoft Security Bulletin MS02-061
  • Microsoft Security Bulletin MS03-026
  • Microsoft Security Bulletin MS03-007
  • Microsoft Security Bulletin MS04-011

    It can also use the backdoor capabilities of some malware to propagate into accessible systems.

    This worm propagates through network shares, and drops a copy of itself as SYSCONF.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.

    It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities. It is also capable of stealing the CD keys of popular Windows-based applications and terminating certain programs. This worm also is capable of launching denial of service (DDoS) attacks.

    It runs on Windows NT, 2000 and XP.

    Technical details are at Trend Micro page.

  • 9/23: Backdoor-CHP Lets Data Through
  • Cobalt RaQ 4 Security Flaw Detected
  • Time to Trade in Geek Speak for Business Lingo
  • 3/15: Agobot-QV Worm Hooks to IRC Server
  • 2/14: Dopbot-A Worm A Acts as IRC Bot
  • 4/11: Mytob-AG Sends Copy of Itself
  • Free! Expert Help Fixing Your Top Security Problems
  • OpenVMS: An Old OS Hasn't Lost Security Footing
  • 4/27: Mytob-CY Worm Arrives as Email Attachment
  • 4/8: Mytob-AB Worm Comes as Attachment
  • 3/11: Ruzes-A Trojan Grabs Email Addresses
  • Compare Security Camera Products