[virusinfo] W32/Codbot-Gen

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Thu, 30 Jun 2005 13:25:51 -0700

From Sophos Alert System:

Name: W32/Codbot-Gen
Type: Win32 worm
Date: 30 June 2005

Sophos has issued protection for W32/Codbot-Gen.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.

Customers using EM Library, Enterprise Console, PureMessage or
any of our Sophos small business solutions will be automatically
protected at their next scheduled update.


Note: Sophos has updated this IDE to improve detection of the
W32/Codbot family of worms.

Information about W32/Codbot-Gen can be found at:
http://www.sophos.com/virusinfo/analyses/w32codbotgen.html

Sophos Anti-Virus products detect members of the W32/Codbot family of worms as
W32/Codbot-Gen.

Worms detected as W32/Codbot-Gen provide backdoor Trojan functionality to a
remote attacker via IRC channels. Such worms may spread to remote network
shares with weak passwords in response to a command from a remote attacker.

Members of the W32/Codbot family may copy themselves to the Windows system
folder and create entries under the following registry keys to run themselves
when the user logs on:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

This backdoor functionality typically includes the ability to sniff packets,
download further malicious code and steal passwords and other system
information.

W32/Codbot worms may register themselves as service processes.

Members of the W32/Codbot family typically attempt to exploit vulnerabilities,
such as the LSASS vulnerability (MS04-011).

The W32/Codbot-Gen virus identity file (IDE) includes detection for:


Troj/Borobt-Gen
http://www.sophos.com/virusinfo/analyses/trojborobtgen.html

Customers with 3.xx or lower versions of Sophos Anti-Virus, 
who are not running EM Library, can manually download the IDE
for W32/Codbot-Gen from:

http://www.sophos.com/downloads/ide/codbtgen.ide

Read about how to use IDE files at
http://www.sophos.com/support/knowledgebase/article/363.html

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
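
The alert above names three registry locations that Codbot worms use to start at logon. As an added example (not part of the original post or of any Sophos tooling), this Python sketch compares a known-good registry export with a current one and lists entries that are new or changed under those keys. It assumes both exports are .reg-format text already decoded to a string; every value name and path in the sample data is a constructed placeholder.

```python
import re

# The three autostart locations named in the advisory, lower-cased for matching.
WATCHED = [k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal",
)]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"="data" or @="data"

def unescape(s):
    # Strip .reg string quoting and escapes; dword:/hex: data is kept raw.
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def autostart_entries(reg_text):
    """Map (key, value name) -> data for values at or below the watched keys."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            k = line[1:-1].lower()
            key = k if any(k == w or k.startswith(w + "\\") for w in WATCHED) else None
        elif key and (m := VALUE.match(line)):
            entries[(key, unescape(m.group(1)).lower())] = unescape(m.group(2))
    return entries

def new_or_changed(baseline_text, current_text):
    """Entries in the current export that the baseline lacks or that differ."""
    base, cur = autostart_entries(baseline_text), autostart_entries(current_text)
    return sorted((k, n, d) for (k, n), d in cur.items() if base.get((k, n)) != d)

# Constructed sample exports (all names and paths are placeholders).
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"
'''
CURRENT = BASELINE + r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"example-entry"="C:\\WINDOWS\\system32\\example-placeholder.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\example-svc]
@="Service"
'''
for entry in new_or_changed(BASELINE, CURRENT):
    print(entry)
```

A hit is only a lead for triage: legitimate software also writes to these keys, so each flagged entry still has to be checked against the file it points to.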


