
Win32.Rbot.DJX (CA.com)


Description Published: August 31, 2005
Description Modified: August 31, 2005

Characteristics

Type: Worm
Category: Win32
Also known as: W32/Backdoor.EXS (F-Secure), Win32/RBot.95744!Worm (InoculateIT)

Description

Win32.Rbot.DJX is an IRC-controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares, many different software vulnerabilities, and backdoors created by other malware. There are many variants of Rbot, and more are discovered regularly. Rbot is highly configurable and is being very actively developed; however, the core functionality is quite consistent between variants.

This particular variant of Rbot is distributed as a 95,744-byte Win32 executable that exhibits the following specific characteristics:

When executed, this variant copies itself to the %System% directory as ntfsckd.exe and makes the following modifications to the registry to ensure that this file is executed at each Windows system start:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows File System Checkd = "ntfsckd.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows File System Checkd = "ntfsckd.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows File System Checkd = "ntfsckd.exe"

Note: '%System%' and '%Windows%' are variable locations. The worm determines the location of these folders by querying the operating system. The default location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95, 98 and ME is C:\Windows\System; and for XP is C:\Windows\System32. The default installation location for the Windows directory for Windows 2000 and NT is C:\Winnt; for 95, 98 and ME is C:\Windows; and for XP is C:\Windows.
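The autorun entries listed above can be checked for on a host by scanning the text output of `reg query` for the Run and RunServices keys. The following is an added example, not part of the CA description; the function names and the sample output are constructed for illustration, and only the value name and file name come from the advisory.

```python
import ntpath
import re

# Indicators taken from the advisory text above.
IOC_VALUE_NAME = "windows file system checkd"
IOC_FILE_NAME = "ntfsckd.exe"
RUN = r"\software\microsoft\windows\currentversion\run"
AUTORUN_SUFFIXES = (RUN, RUN + "services")

# Constructed sample of `reg query <key>` output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows File System Checkd    REG_SZ    ntfsckd.exe
    Updater    REG_SZ    "C:\WINDOWS\system32\NTFSCKD.EXE" /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Windows File System Checkd    REG_SZ    ntfsckd.exe
"""

# Value names may contain spaces, so split on the REG_* type token instead.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def image_name(data):
    """Return the lower-cased executable file name from an autorun command line."""
    data = data.strip()
    path = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def find_rbot_djx_autoruns(reg_query_text):
    """Return (key, value name, data) for autorun entries matching the advisory."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(AUTORUN_SUFFIXES):
            continue
        name, data = m["name"], m["data"]
        # Match on either indicator: a renamed value can still launch the same file.
        if name.lower() == IOC_VALUE_NAME or image_name(data) == IOC_FILE_NAME:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for hit in find_rbot_djx_autoruns(SAMPLE):
        print(*hit, sep=" | ")
```

A match on the value name or file name alone is a lead, not a verdict; confirm by checking for a 95,744-byte ntfsckd.exe in the %System% directory.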

 

 

More information on CA Virus Information Center
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43787
