ウイルスタイプ: Worm

別　名: Backdoor.Win32.Rbot.gen (Kaspersky), W32/Sdbot.worm.gen.ae (McAfee), W32.Spybot.Worm (Symantec), Worm/Spybot.209920.5 (Avira), W32/Rbot-COI (Sophos), Backdoor:Win32/Rbot (Microsoft)

感染報告の有無 : なし

破壊活動の有無: なし

言語: English

プラットフォーム: Windows 95, 98, ME, NT, 2000, XP

暗号化: なし

特　徴: 

This worm takes advantage of the following vulnerabilities to propagate across networks:

• Buffer Overflow in SQL Server 2000 vulnerability
• IIS5/WEBDAV buffer overrun vulnerability
• Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
• Windows LSASS vulnerability

For more information about these vulnerabilities, refer to the following Web pages:

• Microsoft Security Bulletin MS02-061
• Microsoft Security Bulletin MS03-007
• Microsoft Security Bulletin MS03-026
• Microsoft Security Bulletin MS04-011

It uses NetBEUI functions to get available lists of user names and passwords. It then searches for and lists down shared folders, where it drops a copy of itself by using the gathered information. It also uses a list of user names and passwords aside from those it gathers in order to gain access on a target machine.

This worm has backdoor capabilities, and may execute commands coming from a remote malicious user. It also steals the Windows Product ID as well as CD keys of several game applications.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

このウイルスに関しては次の情報も参照してください。
対応方法
詳細
感染状況

情報公開日: 2004/12/15

ウイルスデータベース検索

このウイルス情報に関して. こちらのアンケートにお答えください。