| VID |
24079 |
| Severity |
40 |
| Port |
113 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
A variant of the W32.Spybot.Worm has been detected as installed on the system. W32.Spybot.Worm is a detection for a family of worms that spreads using KaZaA file sharing and mIRC. This worm can also spread to computers that are infected with common backdoor Trojan horses.
The W32.Spybot.Worm has the following features:
- It may be remotely controlled, via Internet Relay Chat (IRC) channels.
- It includes Distributed Denial of Service (DDoS) and backdoor capabilities.
- It attempts to steal confidential information from the compromised system
- It attempts to exploit multiple vulnerabilities to spread.
* References:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.fcd.html
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Remove this Worm immediately. Most antivirus software companies have updates their software to keep W32.Spybot.Worm at bay, so you should download any available updates through its Live Update feature and remove the W32.Spybot.Worm using antivirus software.
-- AND --
You ensure that all patches for the Microsoft Windows are applied in order to minimize the threat of a system compromise. And enforce a password policy for all user accounts. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
