Win32/Rbot.IAM (CA.com)

Date Published: 4 Oct 2007
Last Updated: 4 Oct 2007

Threat Assessment
Overall Risk:       Low
Wild:                    Low
Destructiveness: Medium
Pervasiveness:   Medium

Characteristics
Type:                 Worm
Category:          Win32
Also known as: WORM_Mal/Packer (Sophos),
                          WORM_SDBOT.CYL (Trend),
                          W32/Sdbot.YPA (exact) (F-Secure),
                          Backdoor.Win32.Rbot.bjp (Kaspersky),
                          Backdoor:Win32/IRCbot!93C0 (MS OneCare)

Description
Win32/Rbot.IAM is an IRC controlled backdoor (or ˝bot˝) that can be used to gain unauthorized access to a victim´s machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants of Rbot, and more are discovered regularly. Rbot is highly configurable, and is being very actively developed, however the core functionality is quite consistent between variants.

For more detailed information regarding the functionality of the Win32.Rbot family, please visit the Win32.Rbot description elsewhere in our encyclopedia.

More information on CA Virus Information Center:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=66221

Computer Associates – the Trusted Source of Security Knowledge