List: full-disclosure
Subject: Re[2]: [Full-Disclosure] Look what's back for New Years
From: Papp Geza <pappgeza () tolna ! net>
Date: 2003-12-31 0:37:59
Message-ID: 12178207046.20031231013759 () tolna ! net
Hello
On 31 December 2003, 0:12:59, you wrote:
> > me off-list and I'll zip it to you). Headers etc below for
> > your amusement.
BZ> Back???
BZ> They never stopped. It's Gibe-F.
BZ> part000.txt - is OK
BZ> http://www.nod32.com
RPC-DCOM viruses have never stopped; there are other, newer variants.
This mail was received 10 minutes ago:
W32/Agobot-BT

Aliases: W32.HLLW.Gaobot.gen
Type: Win32 worm

Description:

W32/Agobot-BT is a network worm which also allows unauthorised remote access to the computer via IRC channels. W32/Agobot-BT copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM RPC and the RPC locator vulnerabilities.

These vulnerabilities allow the worm to execute its code on target computers with System level privileges. For further information on these vulnerabilities and for details on how to protect/patch the computer against such attacks please see Microsoft security bulletins MS03-001 and MS03-026. MS03-026 has been superseded by Microsoft security bulletin MS03-039.

W32/Agobot-BT copies itself to the Windows system folder as sysinfo.exe and creates the following registry entries to run itself on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Configuration Loader
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Configuration Loader

Each time W32/Agobot-BT is run it attempts to connect to a remote IRC server and join a specific channel.

W32/Agobot-BT attempts to terminate various processes related to anti-virus and security software (e.g. SWEEP95.EXE, BLACKICE.EXE and ZONEALARM.EXE).
--
Regards,
GEza mailto:pappgeza@tolna.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
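Added example, not part of the original message or the vendor description: a triage check that scans collected `reg query` output for the autostart value named in the description above. The sample output, the function name find_persistence and the value data "sysinfo.exe" are constructed assumptions; the description gives only the key paths, the value name and the dropped file name.

```python
import re

# Indicators from the W32/Agobot-BT description quoted in the post.
RUN_KEYS = {
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "configuration loader"
DROPPED_FILE = "sysinfo.exe"

# Value line in `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample output (not from the post); value data is an assumption.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
    Configuration Loader    REG_SZ    sysinfo.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Configuration Loader    REG_SZ    sysinfo.exe

HKEY_CURRENT_USER\Software\Example
    Configuration Loader    REG_SZ    C:\Tools\loader.exe
"""


def find_persistence(reg_output):
    """Return Run/RunServices values named like the worm's autostart entry."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line = registry key header
            key = line.strip().rstrip("\\").lower()
            key = key.replace("hkey_local_machine\\", "hklm\\", 1)
            continue
        m = VALUE_LINE.match(line)
        if m and key in RUN_KEYS and m.group(1).strip().lower() == VALUE_NAME:
            data = m.group(3).strip()
            findings.append({"key": key, "data": data,
                             "names_dropped_file": DROPPED_FILE in data.lower()})
    return findings


if __name__ == "__main__":
    for hit in find_persistence(SAMPLE):
        print(hit)
```

A hit on the value name alone is a lead to follow up on the host, since the match is on a name and not on file content.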