ウイルスタイプ: Worm

別　名: Backdoor.Win32.Agobot.gen (Kaspersky), W32/Gaobot.worm.gen.e (McAfee), W32.HLLW.Gaobot.gen (Symantec), Worm/AgoBot.138240.1 (Avira), W32/Agobot-TU (Sophos),

感染報告の有無 : なし

破壊活動の有無: なし

言語: English

プラットフォーム: Windows NT, 2000, XP

暗号化: なし

特　徴: 

This worm propagates by generating IP addresses and dropping a copy of itself in the default shares ADMIN$ and IPC$ of the target addresses.

This worm also exploits certain Microsoft Windows vulnerabilities.

It takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows, which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

Read more on this vulnerability from the following link:

• Microsoft Security Bulletin MS03-026

This worm also has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and joins a specific IRC channel where it receives the commands coming from a remote malicious user.

It is capable of terminating certain processes, which are mostly antivirus related. It also appends data in the said file, which prevents a user from accessing antivirus and security-related Web sites.

このウイルスに関しては次の情報も参照してください。
対応方法
詳細
感染状況

情報公開日: 2005/03/03

ウイルスデータベース検索

このウイルス情報に関して. こちらのアンケートにお答えください。