WORM_GAOBOT.DF |
|
| BugsAlert Home > WORM_GAOBOT.DF | |
|
This worm spreads via network shares, and takes advantage of the Windows vulnerabilities whose descriptions are found in the following Microsoft Web pages: It spreads by attempting to drop a copy of itself in the target addresses' default shares. If the said shares is password-protected, it uses NetBEUI functions to gather a list of user names and passwords, as well as a list of hardcoded user names and passwords as its login credentials. Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines. This routine compromises system security and opens the affected machine to further attacks. It performs denial of service (DoS) attacks against target sites using different flood methods. It terminates certain processes found running in memory. This worm is also capable of gathering and stealing Microsoft product keys and CD keys from popular gaming applications installed on affected machines. Original Source: http://feeds.trendmicro.com/~r/MalwareTop10/~3/171365963/default5.asp Learn more about WORM_GAOBOT.DF |
|
| Tags: worm gaobot.df | |
Related Items |
|
|
Debian: New pcre3 packages fix arbitrary code execution
|
|
|
Vuln: x10 Automatic MP3 Script 'web_root' Parameter Multiple Remote File Include Vulnerabilities
|
|
|
CVE-2008-4163 (bind)
|
|
|
CVE-2008-0861 (Lotus Quickplace)
|
|
|
CVE-2008-2500 (MostlyCE)
|
|
|
Mandriva Security Update Fixes Libxml2 Denial of Service Vulnerability
|
|
|
Microsoft FTP Client Multiple Bufferoverflow Vulnerability
|
|
